From mogens at fumlersoft.dk  Thu Oct  1 05:39:35 2015
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Thu, 01 Oct 2015 12:39:35 +0700
Subject: Does any one know why
In-Reply-To: <11D8E491D9562549A61FD3186F3634200269A44E43@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com>
 <560C2957.1090400@msapiro.net>
 <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com>
 <560C3197.1040601@msapiro.net>
 <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com>
 <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com>
 <11D8E491D9562549A61FD3186F3634200269A44D6E@exchange.techeez.com>
 <C33967B7-CEC2-41D8-A70E-4CBC1451C72F@mailborder.com>
 <11D8E491D9562549A61FD3186F3634200269A44E43@exchange.techeez.com>
Message-ID: <2780ecca460fb8aaf82ab7b8dc3fa084@fumlersoft.dk>

What's wrong with stopping mailscanner, and doing a rm in that folder?

On 2015-10-01 05:01, Philip Parsons wrote:
> Not that painless when there are couple of million files per server 
> ..hahahaha
> 
> -----Original Message-----
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info]
> On Behalf Of Jerry Benton
> Sent: September-30-15 2:57 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Does any one know why
> 
> You will have to try it. I don’t have the answer to that. However,
> cleaning out that folder is pretty painless.

-- 
Mogens
+66 8701 33224


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From it at festa.bg  Thu Oct  1 12:32:46 2015
From: it at festa.bg (Valentin Laskov)
Date: Thu, 1 Oct 2015 15:32:46 +0300
Subject: Reject message only if it's not a spam
In-Reply-To: <CALjWBnfm54Ap4+ofpgbsno6zpyoGCWBNvd=x6aHJ7G5iSo5diQ@mail.gmail.com>
References: <CALjWBnfHCy3gtjvRdBMCSwjSd0M8V+2MHbB0rLa1v2DArt_pQQ@mail.gmail.com>
 <201509301219.23741.Antony.Stone@mailscanner.open.source.it>
 <CALjWBneLbYFNB0N=f8p1806USnuMc85uPFbnTnYgpwNtjbeM=A@mail.gmail.com>
 <201509301309.20704.Antony.Stone@mailscanner.open.source.it>
 <560BC61C.70702@festa.bg>
 <CALjWBnfm54Ap4+ofpgbsno6zpyoGCWBNvd=x6aHJ7G5iSo5diQ@mail.gmail.com>
Message-ID: <560D27EE.3010908@festa.bg>

There are variables  $to , $from ,  $subject ,  $date ... etc. (you can 
see them in report files)
I don't know are they available in CustomAction.pm , but probably yes

You can try something like this in CustomAction.pm :

system("cat /path/to/your/text.txt | sendmail $to");


На 30.09.2015 в 21:19, Mateusz Krawczyk написа:
> OK - thanks. The "Non Spam Actions = custom" looks really interesting.
>
> One problem only. I have no idea how to send a reject mail in my
> custom sub. Is it possible to do it in some MailScanner way or just
> using Perl functions ?
>
> Regards,
> Mateusz Krawczyk
>
> 2015-09-30 13:23 GMT+02:00 Valentin Laskov <it at festa.bg>:
>> Hi  Mateusz
>>
>> Your start point may be
>>
>> Non Spam Actions = %rules-dir%/Non.Spam.Actions.rules
>>
>> in MailScanner.conf
>>
>> and arrange some rules in Non.Spam.Actions.rules
>>
>> or if
>> Non Spam Actions = custom
>>
>> #    custom(parameter)       - Call the CustomAction function in
>> /usr/lib/Mail-
>> # Scanner/MailScanner/CustomFunctions/CustomAction
>> #                              .pm with the 'parameter' passed in. This can
>> be
>> #                              used to implement any custom action you
>> require.
>> #
>>
>>
>> Regards!
>> Valentin Laskov
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>


From it at festa.bg  Thu Oct  1 12:40:13 2015
From: it at festa.bg (Valentin Laskov)
Date: Thu, 1 Oct 2015 15:40:13 +0300
Subject: Reject message only if it's not a spam
In-Reply-To: <560D27EE.3010908@festa.bg>
References: <CALjWBnfHCy3gtjvRdBMCSwjSd0M8V+2MHbB0rLa1v2DArt_pQQ@mail.gmail.com>
 <201509301219.23741.Antony.Stone@mailscanner.open.source.it>
 <CALjWBneLbYFNB0N=f8p1806USnuMc85uPFbnTnYgpwNtjbeM=A@mail.gmail.com>
 <201509301309.20704.Antony.Stone@mailscanner.open.source.it>
 <560BC61C.70702@festa.bg>
 <CALjWBnfm54Ap4+ofpgbsno6zpyoGCWBNvd=x6aHJ7G5iSo5diQ@mail.gmail.com>
 <560D27EE.3010908@festa.bg>
Message-ID: <560D29AD.6080400@festa.bg>

correction :)
system("cat /path/to/your/text.txt | sendmail $from");


На 01.10.2015 в 15:32, Valentin Laskov написа:
> There are variables  $to , $from ,  $subject ,  $date ... etc. (you 
> can see them in report files)
> I don't know are they available in CustomAction.pm , but probably yes
>
> You can try something like this in CustomAction.pm :
>
> system("cat /path/to/your/text.txt | sendmail $to");
>
>
> На 30.09.2015 в 21:19, Mateusz Krawczyk написа:
>> OK - thanks. The "Non Spam Actions = custom" looks really interesting.
>>
>> One problem only. I have no idea how to send a reject mail in my
>> custom sub. Is it possible to do it in some MailScanner way or just
>> using Perl functions ?
>>
>> Regards,
>> Mateusz Krawczyk
>>
>> 2015-09-30 13:23 GMT+02:00 Valentin Laskov <it at festa.bg>:
>>> Hi  Mateusz
>>>
>>> Your start point may be
>>>
>>> Non Spam Actions = %rules-dir%/Non.Spam.Actions.rules
>>>
>>> in MailScanner.conf
>>>
>>> and arrange some rules in Non.Spam.Actions.rules
>>>
>>> or if
>>> Non Spam Actions = custom
>>>
>>> #    custom(parameter)       - Call the CustomAction function in
>>> /usr/lib/Mail-
>>> # Scanner/MailScanner/CustomFunctions/CustomAction
>>> #                              .pm with the 'parameter' passed in. 
>>> This can
>>> be
>>> #                              used to implement any custom action you
>>> require.
>>> #
>>>
>>>
>>> Regards!
>>> Valentin Laskov
>>>
>>>
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>
>>
>
>
>


From mat.krawczyk at gmail.com  Thu Oct  1 19:36:29 2015
From: mat.krawczyk at gmail.com (Mateusz Krawczyk)
Date: Thu, 1 Oct 2015 21:36:29 +0200
Subject: Reject message only if it's not a spam
In-Reply-To: <560D29AD.6080400@festa.bg>
References: <CALjWBnfHCy3gtjvRdBMCSwjSd0M8V+2MHbB0rLa1v2DArt_pQQ@mail.gmail.com>
 <201509301219.23741.Antony.Stone@mailscanner.open.source.it>
 <CALjWBneLbYFNB0N=f8p1806USnuMc85uPFbnTnYgpwNtjbeM=A@mail.gmail.com>
 <201509301309.20704.Antony.Stone@mailscanner.open.source.it>
 <560BC61C.70702@festa.bg>
 <CALjWBnfm54Ap4+ofpgbsno6zpyoGCWBNvd=x6aHJ7G5iSo5diQ@mail.gmail.com>
 <560D27EE.3010908@festa.bg> <560D29AD.6080400@festa.bg>
Message-ID: <CALjWBneVFqCyOMDG-e_6uhaRsO+EHesF_K3FZzyNBd8YkQhrMA@mail.gmail.com>

Thank you - it's exactly what I was looking for.

Regards,
Mateusz Krawczyk

2015-10-01 14:40 GMT+02:00 Valentin Laskov <it at festa.bg>:
> correction :)
> system("cat /path/to/your/text.txt | sendmail $from");
>
>
>
> На 01.10.2015 в 15:32, Valentin Laskov написа:
>>
>> There are variables  $to , $from ,  $subject ,  $date ... etc. (you can
>> see them in report files)
>> I don't know are they available in CustomAction.pm , but probably yes
>>
>> You can try something like this in CustomAction.pm :
>>
>> system("cat /path/to/your/text.txt | sendmail $to");
>>
>>
>> На 30.09.2015 в 21:19, Mateusz Krawczyk написа:
>>>
>>> OK - thanks. The "Non Spam Actions = custom" looks really interesting.
>>>
>>> One problem only. I have no idea how to send a reject mail in my
>>> custom sub. Is it possible to do it in some MailScanner way or just
>>> using Perl functions ?
>>>
>>> Regards,
>>> Mateusz Krawczyk
>>>
>>> 2015-09-30 13:23 GMT+02:00 Valentin Laskov <it at festa.bg>:
>>>>
>>>> Hi  Mateusz
>>>>
>>>> Your start point may be
>>>>
>>>> Non Spam Actions = %rules-dir%/Non.Spam.Actions.rules
>>>>
>>>> in MailScanner.conf
>>>>
>>>> and arrange some rules in Non.Spam.Actions.rules
>>>>
>>>> or if
>>>> Non Spam Actions = custom
>>>>
>>>> #    custom(parameter)       - Call the CustomAction function in
>>>> /usr/lib/Mail-
>>>> # Scanner/MailScanner/CustomFunctions/CustomAction
>>>> #                              .pm with the 'parameter' passed in. This
>>>> can
>>>> be
>>>> #                              used to implement any custom action you
>>>> require.
>>>> #
>>>>
>>>>
>>>> Regards!
>>>> Valentin Laskov
>>>>
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>>
>>>
>>
>>
>>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>

From greminn at gmail.com  Mon Oct  5 03:12:03 2015
From: greminn at gmail.com (Simon)
Date: Mon, 5 Oct 2015 16:12:03 +1300
Subject: Allow .eib attachements for a single domain
Message-ID: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>

Hi There,

Pretty self explanatory request really :)

I have a single client, who needs to receive .eib files - these are
currently getting marked as bad files: "MailScanner: No programs allowed
(AUCKOUTER.eib)"

Is there a way you can do this with a rule?

Thanks,

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151005/c888c275/attachment.html>

From greminn at gmail.com  Mon Oct  5 03:18:49 2015
From: greminn at gmail.com (Simon)
Date: Mon, 5 Oct 2015 16:18:49 +1300
Subject: Allow .eib attachements for a single domain
In-Reply-To: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
Message-ID: <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>

Further to this.. note that i do have:

allow \.eib$ - -

In my filename.rules.conf file...

:)

Simon

On Mon, Oct 5, 2015 at 4:12 PM, Simon <greminn at gmail.com> wrote:

> Hi There,
>
> Pretty self explanatory request really :)
>
> I have a single client, who needs to receive .eib files - these are
> currently getting marked as bad files: "MailScanner: No programs allowed
> (AUCKOUTER.eib)"
>
> Is there a way you can do this with a rule?
>
> Thanks,
>
> Simon
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151005/b9c3e471/attachment.html>

From Denis.Beauchemin at usherbrooke.ca  Mon Oct  5 12:39:15 2015
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Mon, 5 Oct 2015 12:39:15 +0000
Subject: Allow .eib attachements for a single domain
In-Reply-To: <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
Message-ID: <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>

I’m not using it but I believe it has to do with the filetype.rules.conf rather than the filename.rules.conf which you seem to be using. The “file” command can tell you the eib file type to use in the config file.

Denis

De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Simon
Envoyé : 4 octobre 2015 23:19
À : MailScanner Discussion <mailscanner at lists.mailscanner.info>
Objet : Re: Allow .eib attachements for a single domain

Further to this.. note that i do have:

allow \.eib$ - -
In my filename.rules.conf file...

:)

Simon

On Mon, Oct 5, 2015 at 4:12 PM, Simon <greminn at gmail.com<mailto:greminn at gmail.com>> wrote:
Hi There,

Pretty self explanatory request really :)

I have a single client, who needs to receive .eib files - these are currently getting marked as bad files: "MailScanner: No programs allowed (AUCKOUTER.eib)"

Is there a way you can do this with a rule?

Thanks,

Simon



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151005/3f4ad0df/attachment.html>

From mat.krawczyk at gmail.com  Wed Oct  7 06:08:14 2015
From: mat.krawczyk at gmail.com (Mateusz Krawczyk)
Date: Wed, 7 Oct 2015 08:08:14 +0200
Subject: User notification
Message-ID: <CALjWBndtJRKqN1tVeqi+-kjn=jV3+bspTjLCi6TAb2U02mgMGA@mail.gmail.com>

Hello,

I would like to ask if there is a possibility to disable sending reports:

Stored Bad Content Message Report
Stored Bad Filename Message Report
Stored Virus Message Report
Stored Size Message Report

or

Deleted Bad Content Message Report
Deleted Bad Filename Message Report
Deleted Virus Message Report
Deleted Size Message Report

to users. I know how to disable sender or system administrators
notification but I couldn't find options for user notification.

Regards,
Mateusz Krawczyk

From mark at msapiro.net  Thu Oct  8 01:10:16 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 7 Oct 2015 18:10:16 -0700
Subject: User notification
In-Reply-To: <CALjWBndtJRKqN1tVeqi+-kjn=jV3+bspTjLCi6TAb2U02mgMGA@mail.gmail.com>
References: <CALjWBndtJRKqN1tVeqi+-kjn=jV3+bspTjLCi6TAb2U02mgMGA@mail.gmail.com>
Message-ID: <5615C278.2030909@msapiro.net>

On 10/06/2015 11:08 PM, Mateusz Krawczyk wrote:
> 
> I would like to ask if there is a possibility to disable sending reports:
> 
> Stored Bad Content Message Report
> Stored Bad Filename Message Report
> Stored Virus Message Report
> Stored Size Message Report
> 
> or
> 
> Deleted Bad Content Message Report
> Deleted Bad Filename Message Report
> Deleted Virus Message Report
> Deleted Size Message Report
> 
> to users. I know how to disable sender or system administrators
> notification but I couldn't find options for user notification.


Well, if you eliminate these reports, you will be delivering an edited
message to the recipient with no notification to the recipient that what
you delivered did not contain everything that was in the original.

Aside from the fact that this may not be lawful in some jurisdictions,
do you really want to do that.

If you still think you do, the text of those messages is in the
reports/LC/ subdirectory of the MailScanner config directory for each
supported language. If I want to edit these I copy reports/en/* to
reports/local/ and edit the files there and put

%report-dir% = /etc/MailScanner/reports/local

in MailScanner.conf.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mat.krawczyk at gmail.com  Thu Oct  8 07:13:36 2015
From: mat.krawczyk at gmail.com (Mateusz Krawczyk)
Date: Thu, 8 Oct 2015 09:13:36 +0200
Subject: User notification
In-Reply-To: <5615C278.2030909@msapiro.net>
References: <CALjWBndtJRKqN1tVeqi+-kjn=jV3+bspTjLCi6TAb2U02mgMGA@mail.gmail.com>
 <5615C278.2030909@msapiro.net>
Message-ID: <CALjWBnexMFdVzcFaePDA+0nBRLhz+xnSBFBxNQG8ovezdxPqUQ@mail.gmail.com>

Mark Sapiro,

Thank you for your response. The conclusion is that there is no option
for disabling sending message to user that he has received message
with virus. Am I right ?

The only possibility is to change text of those messages ?

For me the problem is connected with sending such messages to mailing lists.

Regards,
Mateusz Krawczyk

2015-10-08 3:10 GMT+02:00 Mark Sapiro <mark at msapiro.net>:
> On 10/06/2015 11:08 PM, Mateusz Krawczyk wrote:
>>
>> I would like to ask if there is a possibility to disable sending reports:
>>
>> Stored Bad Content Message Report
>> Stored Bad Filename Message Report
>> Stored Virus Message Report
>> Stored Size Message Report
>>
>> or
>>
>> Deleted Bad Content Message Report
>> Deleted Bad Filename Message Report
>> Deleted Virus Message Report
>> Deleted Size Message Report
>>
>> to users. I know how to disable sender or system administrators
>> notification but I couldn't find options for user notification.
>
>
> Well, if you eliminate these reports, you will be delivering an edited
> message to the recipient with no notification to the recipient that what
> you delivered did not contain everything that was in the original.
>
> Aside from the fact that this may not be lawful in some jurisdictions,
> do you really want to do that.
>
> If you still think you do, the text of those messages is in the
> reports/LC/ subdirectory of the MailScanner config directory for each
> supported language. If I want to edit these I copy reports/en/* to
> reports/local/ and edit the files there and put
>
> %report-dir% = /etc/MailScanner/reports/local
>
> in MailScanner.conf.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>

From mailscanner at replies.cyways.com  Thu Oct  8 14:32:52 2015
From: mailscanner at replies.cyways.com (Peter H. Lemieux)
Date: Thu, 8 Oct 2015 10:32:52 -0400
Subject: User notification
In-Reply-To: <CALjWBnexMFdVzcFaePDA+0nBRLhz+xnSBFBxNQG8ovezdxPqUQ@mail.gmail.com>
References: <CALjWBndtJRKqN1tVeqi+-kjn=jV3+bspTjLCi6TAb2U02mgMGA@mail.gmail.com>
 <5615C278.2030909@msapiro.net>
 <CALjWBnexMFdVzcFaePDA+0nBRLhz+xnSBFBxNQG8ovezdxPqUQ@mail.gmail.com>
Message-ID: <56167E94.8040102@replies.cyways.com>

You can use a ruleset to modify the effects of the "Deliver Cleaned Messages" option.  We have this set to "no" globally because hardly any infected messages ever have legitimate content.  If you want to deliver cleaned messages to most recipients, but not to the listserver(s), you can write a ruleset with

To: listserver at example.com      no
To: default                     yes

You can also edit the various report files so they have zero length.  They will be attached but have no content.

Peter


On 10/8/2015 3:13 AM, Mateusz Krawczyk wrote:
> Mark Sapiro,
>
> Thank you for your response. The conclusion is that there is no option
> for disabling sending message to user that he has received message
> with virus. Am I right ?
>
> The only possibility is to change text of those messages ?
>
> For me the problem is connected with sending such messages to mailing lists.
>
> Regards,
> Mateusz Krawczyk
>
> 2015-10-08 3:10 GMT+02:00 Mark Sapiro <mark at msapiro.net>:
>> On 10/06/2015 11:08 PM, Mateusz Krawczyk wrote:
>>>
>>> I would like to ask if there is a possibility to disable sending reports:
>>>
>>> Stored Bad Content Message Report
>>> Stored Bad Filename Message Report
>>> Stored Virus Message Report
>>> Stored Size Message Report
>>>
>>> or
>>>
>>> Deleted Bad Content Message Report
>>> Deleted Bad Filename Message Report
>>> Deleted Virus Message Report
>>> Deleted Size Message Report
>>>
>>> to users. I know how to disable sender or system administrators
>>> notification but I couldn't find options for user notification.
>>
>>
>> Well, if you eliminate these reports, you will be delivering an edited
>> message to the recipient with no notification to the recipient that what
>> you delivered did not contain everything that was in the original.
>>
>> Aside from the fact that this may not be lawful in some jurisdictions,
>> do you really want to do that.
>>
>> If you still think you do, the text of those messages is in the
>> reports/LC/ subdirectory of the MailScanner config directory for each
>> supported language. If I want to edit these I copy reports/en/* to
>> reports/local/ and edit the files there and put
>>
>> %report-dir% = /etc/MailScanner/reports/local
>>
>> in MailScanner.conf.
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>

From greminn at gmail.com  Wed Oct 14 02:45:05 2015
From: greminn at gmail.com (Simon Buchanan)
Date: Wed, 14 Oct 2015 15:45:05 +1300
Subject: Allow .eib attachements for a single domain
In-Reply-To: <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
Message-ID: <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>

Just me again :)

So I’ve checked the file with “file”, and the type comes out as this:

$ file S530-F2.eib
S530-F2.eib: 0420 Alliant virtual executable

Or short is “alliant”.. so i have this in filetype.rules.conf:

allow alliant - -

And this in filename.rules.conf: 

allow \.eib$ - -

Yet it is still blocking these files with the following message "MailScanner: No programs allowed (6AOlsenAve.eib)”

Can anyone please check out what i have above? Is this correct? 

Simon




> On 6/10/2015, at 1:39 AM, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca> wrote:
> 
> I’m not using it but I believe it has to do with the filetype.rules.conf rather than the filename.rules.conf which you seem to be using. The “file” command can tell you the eib file type to use in the config file.
>  
> Denis
>  
> De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Simon
> Envoyé : 4 octobre 2015 23:19
> À : MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Objet : Re: Allow .eib attachements for a single domain
>  
> Further to this.. note that i do have:
>  
> allow \.eib$ - -
> 
> In my filename.rules.conf file...
>  
> :)
>  
> Simon
>  
> On Mon, Oct 5, 2015 at 4:12 PM, Simon <greminn at gmail.com <mailto:greminn at gmail.com>> wrote:
> Hi There,
>  
> Pretty self explanatory request really :) 
>  
> I have a single client, who needs to receive .eib files - these are currently getting marked as bad files: "MailScanner: No programs allowed (AUCKOUTER.eib)" 
>  
> Is there a way you can do this with a rule?
>  
> Thanks,
>  
> Simon
>  
>  
>  
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151014/f411c37b/attachment.html>

From mark at msapiro.net  Wed Oct 14 03:05:45 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 Oct 2015 20:05:45 -0700
Subject: Allow .eib attachements for a single domain
In-Reply-To: <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
 <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
Message-ID: <561DC689.4040701@msapiro.net>

On 10/13/2015 07:45 PM, Simon Buchanan wrote:
> Just me again :)
> 
> So I’ve checked the file with “file”, and the type comes out as this:
> 
> $ file S530-F2.eib
> S530-F2.eib: 0420 Alliant virtual executable
> 
> Or short is “alliant”.. so i have this in filetype.rules.conf:
> 
> allow alliant - -


Are you using TAB as a field separator in the above. This is required.

Allow Filetypes which references filetype.rules.conf ius an "all match"
rule set, so it shouldn't matter, but does the above come before

deny    executable	...

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From greminn at gmail.com  Wed Oct 14 04:55:34 2015
From: greminn at gmail.com (Simon)
Date: Wed, 14 Oct 2015 17:55:34 +1300
Subject: Allow .eib attachements for a single domain
In-Reply-To: <561DC689.4040701@msapiro.net>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
 <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
 <561DC689.4040701@msapiro.net>
Message-ID: <CAM+OHSfCsY49Zq49CPQpipqweLiDMTJQG0jFjVr_RN0N1dqKiQ@mail.gmail.com>

On Wednesday, 14 October 2015, Mark Sapiro <mark at msapiro.net> wrote:

> On 10/13/2015 07:45 PM, Simon Buchanan wrote:
> > Just me again :)
> >
> > So I’ve checked the file with “file”, and the type comes out as this:
> >
> > $ file S530-F2.eib
> > S530-F2.eib: 0420 Alliant virtual executable
> >
> > Or short is “alliant”.. so i have this in filetype.rules.conf:
> >
> > allow alliant - -
>
>
> Are you using TAB as a field separator in the above. This is required.


Yes using tabs thanks ;)


>
> Allow Filetypes which references filetype.rules.conf ius an "all match"
> rule set, so it shouldn't matter, but does the above come before
>
> deny    executable      ...


Hmm let me check on that


>
> --
> Mark Sapiro <mark at msapiro.net <javascript:;>>        The highway is for
> gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <javascript:;>
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151014/67ce3eb9/attachment.html>

From greminn at gmail.com  Wed Oct 14 21:03:51 2015
From: greminn at gmail.com (Simon Buchanan)
Date: Thu, 15 Oct 2015 10:03:51 +1300
Subject: Allow .eib attachements for a single domain
In-Reply-To: <CAM+OHSfCsY49Zq49CPQpipqweLiDMTJQG0jFjVr_RN0N1dqKiQ@mail.gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
 <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
 <561DC689.4040701@msapiro.net>
 <CAM+OHSfCsY49Zq49CPQpipqweLiDMTJQG0jFjVr_RN0N1dqKiQ@mail.gmail.com>
Message-ID: <7D0D339B-F9DA-4B03-A491-3F23FE94694D@gmail.com>


> On 14/10/2015, at 5:55 PM, Simon <greminn at gmail.com> wrote:
> 
> 
> On Wednesday, 14 October 2015, Mark Sapiro <mark at msapiro.net <mailto:mark at msapiro.net>> wrote:
> On 10/13/2015 07:45 PM, Simon Buchanan wrote:
> > Just me again :)
> >
> > So I’ve checked the file with “file”, and the type comes out as this:
> >
> > $ file S530-F2.eib
> > S530-F2.eib: 0420 Alliant virtual executable
> >
> > Or short is “alliant”.. so i have this in filetype.rules.conf:
> >
> > allow alliant - -
> 
> 
> Are you using TAB as a field separator in the above. This is required.
> 
> Yes using tabs thanks ;)
>  
> 
> Allow Filetypes which references filetype.rules.conf ius an "all match"
> rule set, so it shouldn't matter, but does the above come before
> 
> deny    executable      ...
> 
> Hmm let me check on that

OK, so yes the allow comes before the deny.

My filename.rules.conf - http://pastebin.com/SfHsCgzK <http://pastebin.com/SfHsCgzK>
My filetype.rules.conf - http://pastebin.com/DnPFDe3k <http://pastebin.com/DnPFDe3k>

Any further assistance here is greatly appreciated :)

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151015/5ab5e0a1/attachment.html>

From mark at msapiro.net  Thu Oct 15 00:35:30 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 Oct 2015 17:35:30 -0700
Subject: Allow .eib attachements for a single domain
In-Reply-To: <7D0D339B-F9DA-4B03-A491-3F23FE94694D@gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
 <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
 <561DC689.4040701@msapiro.net>
 <CAM+OHSfCsY49Zq49CPQpipqweLiDMTJQG0jFjVr_RN0N1dqKiQ@mail.gmail.com>
 <7D0D339B-F9DA-4B03-A491-3F23FE94694D@gmail.com>
Message-ID: <561EF4D2.5090602@msapiro.net>

On 10/14/2015 02:03 PM, Simon Buchanan wrote:
> 
> 
> OK, so yes the allow comes before the deny.
> 
> My filename.rules.conf - http://pastebin.com/SfHsCgzK
> My filetype.rules.conf - http://pastebin.com/DnPFDe3k
> 
> Any further assistance here is greatly appreciated :)


Are any of

Allow Filetypes
Deny  Filetypes
Allow MIME Filetypes
Deny  MIME Filetypes

non-empty in MailScanner.conf or an included conf.d/ file. Non-empty
values here can cause filetype.rules.conf to be ignored.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From glenn.steen at gmail.com  Fri Oct 16 03:58:57 2015
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 16 Oct 2015 05:58:57 +0200
Subject: Strange MailScanner --lint error
In-Reply-To: <55CE6031.4010801@msapiro.net>
References: <2123413622.3065342.1439585578172.JavaMail.yahoo@mail.yahoo.com>
 <55CE6031.4010801@msapiro.net>
Message-ID: <CAAug_B-o1r8Pyy3rSuShdigzjU1Cri3kqCgcMPBaCvstjaY-rA@mail.gmail.com>

Just a little clarification, if any is needed... Back in the days there was
a...  Contriversy... About using one user prefs file for setting things
that clearly should be in a .cf file... The symlink was suggested as a
workaround, and... It stuck. But for some versions, the setting was still
possible... And then removed.
At that time, and henceforth, the upgrade conf script would have removed
the setting altogether, something that was missed on Bryans system (script
simply not run, or not correctly:-)).

Cheers!
-- 
-- Glenn
Den 14 aug 2015 11:40 em skrev "Mark Sapiro" <mark at msapiro.net>:

> Bryan Laurila wrote:
>
> That got rid of the error but can you shed some light into why that line
> was commented out (assuming by default) and what uncommenting it will do
> to the functionality of MailScanner?
>
> I think the "Spamassassin Prefs File" setting has been disabled for some
> time. The file is normally /etc/MailScanner/spam.assassin.prefs.conf or
> whatever is symlinked from mailscanner.cf in the spamassassin config
> directory.
>
> If you set "Spamassassin Prefs File" in MailScanner's config, you get
> the Unrecognised keyword error because ConfigDefs.pl doesn't recognize
> it. If you uncomment the
>
> #spamassassinprefsfile  /etc/MailScanner/spam.assassin.prefs.conf
>
> line in ConfigDefs.pl, Mailscanner allows the directive without
> complaint, but it does nothing with the setting no matter what you set
> it to.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/3fe34ca1/attachment.html>

From glenn.steen at gmail.com  Fri Oct 16 04:07:12 2015
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 16 Oct 2015 06:07:12 +0200
Subject: SA auto-learn settings not working
In-Reply-To: <CD2B43BC1F2BA94FA1CDBBAD9FBD621C612B1372@EXDAG30-N2.hostallapps.net>
References: <CD2B43BC1F2BA94FA1CDBBAD9FBD621C612B1372@EXDAG30-N2.hostallapps.net>
Message-ID: <CAAug_B8KLPw0MY7A=y6Hwe0r1_RoP15EfqG6pXTd3uoOBrpx1w@mail.gmail.com>

Please read https://wiki.apache.org/spamassassin/AutolearningNotWorking and
you then run your perceived problem message through a spamassassin debug
run... It'll probably be obvious why this happens.

-- 
-- Glenn
Den 18 aug 2015 11:01 em skrev "Alex Short" <alex at short.net>:

> Main problem is that according to mailwatch, only things that are like >44
> or something are getting 'learned' as spam.  I'd like to drop the score
> required to something like >10 and learn it as spam.  Now I'm manually
> using mailwatch to give me results from 10-20 and tagging them as spam
> which has proven quite effective (if not annoying!).
>
>
>
> The way I know its not learning is using mailwatch it says 'SpamAssassin
> Autolearn': N
>
>
>
> I've tried putting this stuff in local.cf, and mailscanner.cf -- doesn't
> appear to make a difference.  I know that it isn't learning because when I
> tell it to learn something that scored 15, it accepts it and learns it (vs
> saying 0)
>
>
>
> local.cf:bayes_auto_learn                         1
> local.cf:bayes_auto_learn_threshold_nonspam    -5.0
> local.cf:bayes_auto_learn_threshold_spam       11.0
>
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/f8cea060/attachment.html>

From glenn.steen at gmail.com  Fri Oct 16 05:18:32 2015
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 16 Oct 2015 07:18:32 +0200
Subject: Mailscanner Status = Stopped
In-Reply-To: <5603008E.6060407@dld2000.com>
References: <55A50C01.7040204@dld2000.com>
 <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com>
 <5603008E.6060407@dld2000.com>
Message-ID: <CAAug_B9B9h6vEWfUyZHcJef061Oo8GBnbpuREGfQZ28UmKifdA@mail.gmail.com>

So...  cPanel and whm? This isn't really a MailScanner issue, but rather a
monitoring/managament tool issue... The tool you are using isn't aware of
the respawning nature of MailScanner, so it naively saves a pid and
monitors for that... After a while (4 hours by default) that process will
respawn, meankng it'll die and start a brand new one.
So moral of the storage is "get smarter monitoring".

Cheers!
-- 
-- Glenn
Den 23 sep 2015 9:42 em skrev "Walt Thiessen" <wt at dld2000.com>:

> MailScanner's status on my server keeps showing stopped whenever I check
> it via WHM, but the logs in MailWatch show continuous activity.
>
> In particular, between 7 AM and nearly 10 AM today, I kept getting email
> notifications from my server that the MailScanner service was down, even
> though emails were passing through MailScanner's logs (as shown in
> MailWatch). After 34 failed attempts to restart during that time, it
> successfully restarted at just before 10 AM.
>
> That wasn't the end of the problem, just a time slice of it. However, I
> haven't received email notifications since then of the service being down,
> even though it currently shows that the service is stopped in WHM.
>
> The Message Listing log in MailWatch periodically shows entries like this
> one (I've replaced specific names with generic placeholders in square
> brackets):
>
> 23/09/15 09:00:44     root@ [hostname]     root@[hostname]     lfd on
> [hostname]: Excessive resource usage: [account-on-hostname] (1468 (Parent
> PID:30444))     1Kb     0.00     W/L
>
> Clicking MailScanner Restart in ConfigServer MailScanner FE doesn't help
> to solve this issue.
>
> Can anyone advise me why this might be happening? My server admins have
> looked at it, and they're stumped so far.
>
> Walt
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/ebeb31de/attachment.html>

From jerry.benton at mailborder.com  Fri Oct 16 05:24:30 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 16 Oct 2015 01:24:30 -0400
Subject: Mailscanner Status = Stopped
In-Reply-To: <CAAug_B9B9h6vEWfUyZHcJef061Oo8GBnbpuREGfQZ28UmKifdA@mail.gmail.com>
References: <55A50C01.7040204@dld2000.com>
 <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com>
 <5603008E.6060407@dld2000.com>
 <CAAug_B9B9h6vEWfUyZHcJef061Oo8GBnbpuREGfQZ28UmKifdA@mail.gmail.com>
Message-ID: <A8307B22-36BF-47D0-B9AF-639871B44060@mailborder.com>

I know a guy.

-
Jerry Benton
www.mailborder.com



> On Oct 16, 2015, at 1:18 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
> 
> So...  cPanel and whm? This isn't really a MailScanner issue, but rather a monitoring/managament tool issue... The tool you are using isn't aware of the respawning nature of MailScanner, so it naively saves a pid and monitors for that... After a while (4 hours by default) that process will respawn, meankng it'll die and start a brand new one.
> So moral of the storage is "get smarter monitoring".
> 
> Cheers! 
> -- 
> -- Glenn
> 
> Den 23 sep 2015 9:42 em skrev "Walt Thiessen" <wt at dld2000.com <mailto:wt at dld2000.com>>:
> MailScanner's status on my server keeps showing stopped whenever I check it via WHM, but the logs in MailWatch show continuous activity.
> 
> In particular, between 7 AM and nearly 10 AM today, I kept getting email notifications from my server that the MailScanner service was down, even though emails were passing through MailScanner's logs (as shown in MailWatch). After 34 failed attempts to restart during that time, it successfully restarted at just before 10 AM.
> 
> That wasn't the end of the problem, just a time slice of it. However, I haven't received email notifications since then of the service being down, even though it currently shows that the service is stopped in WHM.
> 
> The Message Listing log in MailWatch periodically shows entries like this one (I've replaced specific names with generic placeholders in square brackets):
> 
> 23/09/15 09:00:44     root@ [hostname]     root@[hostname]     lfd on [hostname]: Excessive resource usage: [account-on-hostname] (1468 (Parent PID:30444))     1Kb     0.00     W/L
> 
> Clicking MailScanner Restart in ConfigServer MailScanner FE doesn't help to solve this issue.
> 
> Can anyone advise me why this might be happening? My server admins have looked at it, and they're stumped so far.
> 
> Walt
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/386c4bb8/attachment.html>

From glenn.steen at gmail.com  Fri Oct 16 05:34:14 2015
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 16 Oct 2015 07:34:14 +0200
Subject: Allow .eib attachements for a single domain
In-Reply-To: <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
References: <CAM+OHSdaYAag0QW9k9UFtyVY++WLHg_2c7f6LJRgncH3VqAPDw@mail.gmail.com>
 <CAM+OHSfmnhJKgSaC0=+ZUO8GObOZ=A3OW4SUqF6QyyPt-90dQg@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50125012999@XMBX06.sti.usherbrooke.ca>
 <E5789627-D817-494D-96A2-2FDFF732F9AC@gmail.com>
Message-ID: <CAAug_B9QjrKMyMp16qYdSFV3KkN5YAb0BaRjnfoaXZDvrjGb8Q@mail.gmail.com>

Will not work, deny executable will trump your allow line.
Do investigate the file -i output and try using that type of config instead.

Cheers!
-- 
-- Glenn
Den 14 okt 2015 4:45 fm skrev "Simon Buchanan" <greminn at gmail.com>:

> Just me again :)
>
> So I’ve checked the file with “file”, and the type comes out as this:
>
> $ file S530-F2.eib
> S530-F2.eib: 0420 Alliant virtual executable
>
> Or short is “alliant”.. so i have this in filetype.rules.conf:
>
> allow alliant - -
>
> And this in filename.rules.conf:
>
> allow \.eib$ - -
>
> Yet it is still blocking these files with the following message
> "MailScanner: No programs allowed (6AOlsenAve.eib)”
>
> Can anyone please check out what i have above? Is this correct?
>
> Simon
>
>
>
>
> On 6/10/2015, at 1:39 AM, Denis Beauchemin <
> Denis.Beauchemin at usherbrooke.ca> wrote:
>
> I’m not using it but I believe it has to do with the filetype.rules.conf
> rather than the filename.rules.conf which you seem to be using. The “file”
> command can tell you the eib file type to use in the config file.
>
> Denis
>
> *De :* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info
> <mailscanner-bounces at lists.mailscanner.info>] *De la part de* Simon
> *Envoyé :* 4 octobre 2015 23:19
> *À :* MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Objet :* Re: Allow .eib attachements for a single domain
>
> Further to this.. note that i do have:
>
>
> allow \.eib$ - -
> In my filename.rules.conf file...
>
> :)
>
> Simon
>
> On Mon, Oct 5, 2015 at 4:12 PM, Simon <greminn at gmail.com> wrote:
>
> Hi There,
>
> Pretty self explanatory request really :)
>
> I have a single client, who needs to receive .eib files - these are
> currently getting marked as bad files: "MailScanner: No programs allowed
> (AUCKOUTER.eib)"
>
> Is there a way you can do this with a rule?
>
> Thanks,
>
> Simon
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/5a10cf82/attachment.html>

From clessi.nb at gmail.com  Fri Oct 16 14:19:31 2015
From: clessi.nb at gmail.com (Clessi L.)
Date: Fri, 16 Oct 2015 11:19:31 -0300
Subject: Problem with quarantine
Message-ID: <CAA32hjWcO5vayqA2u-qdTUv=YUoL84bn8ng4y3afGTyZOSO_rA@mail.gmail.com>

Hi Everyone,

I have MailScanner with Mailwatch.
When I release a quarantined message, I receive an email with subject "Message
released from quarantine" with the original message attached.

I don't want this way. I want to receive the original message without
attachments.
How can I fix this?

Thanks your attention.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151016/16b6326d/attachment.html>

From tclark at clarktechnical.com  Mon Oct 19 15:25:19 2015
From: tclark at clarktechnical.com (Tony Clark)
Date: Mon, 19 Oct 2015 11:25:19 -0400
Subject: Centos new install problems
In-Reply-To: <55DDFC21.8040009@clarktechnical.com>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com>
Message-ID: <56250B5F.50207@clarktechnical.com>


I am attempting to build a new Centos 7 MailScanner-Postfix-Spamassassin 
server.

I have installed most of the components, but I am getting the following 
errors on service restarts.  Can someone please help me to debug?

Thanks everyone.

MailScanner.conf below

---
Errors


[root at mail ~]# service MailScanner restart
Restarting MailScanner (via systemctl):  Job for MailScanner.service 
failed. See 'systemctl status MailScanner.service' and 'journalctl -xn' 
for          details.
                                                            [FAILED]
[root at mail ~]# systemctl status MailScanner.service
MailScanner.service - SYSV: MailScanner is an open-source E-Mail Gateway 
Virus Scanner.
    Loaded: loaded (/etc/rc.d/init.d/MailScanner)
    Active: failed (Result: timeout) since Mon 2015-10-19 10:49:52 EDT; 
10min ago
   Process: 47423 ExecStart=/etc/rc.d/init.d/MailScanner start 
(code=exited, status=0/SUCCESS)
  Main PID: 26734 (code=exited, status=0/SUCCESS)

Oct 19 10:44:52 mail.mydomain.com systemd[1]: Starting SYSV: MailScanner 
is an open-source E-Mail Gateway Virus Scanner....
Oct 19 10:45:04 mail.mydomain.com MailScanner[47423]: 
/etc/rc.d/init.d/MailScanner: line 78: [: =: unary operator expected
Oct 19 10:45:04 mail.mydomain.com MailScanner[47423]: Starting 
MailScanner daemons:
Oct 19 10:45:05 mail.mydomain.com MailScanner[47423]: incoming postfix: 
[  OK  ]
Oct 19 10:45:06 mail.mydomain.com MailScanner[47423]: outgoing postfix: 
[  OK  ]
Oct 19 10:45:09 mail.mydomain.com MailScanner[47423]: MailScanner: 
  [  OK  ]
Oct 19 10:45:09 mail.mydomain.com systemd[1]: Failed to read PID from 
file /var/run/MailScanner.pid: Invalid argument
Oct 19 10:49:52 mail.mydomain.com systemd[1]: MailScanner.service 
operation timed out. Terminating.
Oct 19 10:49:52 mail.mydomain.com systemd[1]: Failed to start SYSV: 
MailScanner is an open-source E-Mail Gateway Virus Scanner..
Oct 19 10:49:52 mail.mydomain.com systemd[1]: Unit MailScanner.service 
entered failed state.
[root at mail ~]# journalctl -xn
-- Logs begin at Mon 2015-10-12 16:58:06 EDT, end at Mon 2015-10-19 
11:04:33 EDT. --
Oct 19 11:01:05 mail.mydomain.com run-parts(/etc/cron.hourly)[47885]: 
starting check_MailScanner
Oct 19 11:01:08 mail.mydomain.com run-parts(/etc/cron.hourly)[47915]: 
finished check_MailScanner
Oct 19 11:01:08 mail.mydomain.com run-parts(/etc/cron.hourly)[47918]: 
starting processing_messages_alert
Oct 19 11:01:24 mail.mydomain.com run-parts(/etc/cron.hourly)[47956]: 
finished processing_messages_alert
Oct 19 11:01:24 mail.mydomain.com run-parts(/etc/cron.hourly)[47959]: 
starting update_bad_phishing_sites
Oct 19 11:01:37 mail.mydomain.com update.bad.phishing.sites[47996]: 
Delaying cron job up to 600 seconds
Oct 19 11:04:19 mail.mydomain.com update.bad.phishing.sites[48050]: 
Phishing bad sites list updated
Oct 19 11:04:20 mail.mydomain.com run-parts(/etc/cron.hourly)[48053]: 
finished update_bad_phishing_sites
Oct 19 11:04:20 mail.mydomain.com run-parts(/etc/cron.hourly)[48056]: 
starting update_virus_scanners
Oct 19 11:04:33 mail.mydomain.com update.virus.scanners[48069]: Delaying 
cron job up to 600 seconds
[root at mail ~]#

---

MailScanner.conf:


%org-name% = MyCompany

%org-long-name% = My Company

%web-site% = www.mycompany.com

%etc-dir% = /etc/MailScanner

%report-dir% = /etc/MailScanner/reports/en

%rules-dir% = /etc/MailScanner/rules

%mcp-dir% = /etc/MailScanner/mcp




Max Children = 5

Run As User = postfix

Run As Group = postfix

Queue Scan Interval = 6

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Incoming Work Dir = /var/spool/MailScanner/incoming

Quarantine Dir = /var/spool/MailScanner/quarantine

PID file = /var/run/MailScanner.pid

Restart Every = 7200

MTA = postfix

Sendmail = /usr/sbin/sendmail

Sendmail2 = /usr/sbin/sendmail


Incoming Work User =
Incoming Work Group =

Incoming Work Permissions = 0600


Quarantine User = root
Quarantine Group = apache

Quarantine Permissions = 0660



Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

Max Normal Queue Size = 800

Scan Messages = yes

Reject Message = no

Maximum Processing Attempts = 6

Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db

Maximum Attachments Per Message = 200

Expand TNEF = yes

Use TNEF Contents = replace

Deliver Unparsable TNEF = no

TNEF Expander = /usr/bin/tnef --maxsize=100000000

TNEF Timeout = 120

File Command = /usr/bin/file

File Timeout = 20

Gunzip Command = /bin/gunzip

Gunzip Timeout = 50

Unrar Command = /usr/bin/unrar

Unrar Timeout = 50

Find UU-Encoded Files = no

Maximum Message Size = %rules-dir%/max.message.size.rules

Maximum Attachment Size = -1

Minimum Attachment Size = -1

Maximum Archive Depth = 8

Find Archives By Content = yes

Unpack Microsoft Documents = yes

Zip Attachments = no

Attachments Zip Filename = MessageAttachments.zip

Attachments Min Total Size To Zip = 100k

Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg 
.mpe .mpeg .mp3 .rpm .htm .html .eml

Add Text Of Doc = no

Antiword = /usr/bin/antiword -f

Antiword Timeout = 50

Unzip Maximum Files Per Archive = 0

Unzip Maximum File Size = 50k

Unzip Filenames = *.txt *.ini *.log *.csv

Unzip MimeType = text/plain



Virus Scanning = yes

Virus Scanners = clamav

Virus Scanner Timeout = 300

Deliver Disinfected Files = no

Silent Viruses = HTML-IFrame All-Viruses

Still Deliver Silent Viruses = no

Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*

Block Encrypted Messages = no

Block Unencrypted Messages = no

Allow Password-Protected Archives = no

Check Filenames In Password-Protected Archives = yes


Allowed Sophos Error Messages =

Sophos IDE Dir = /opt/sophos-av/lib/sav

Sophos Lib Dir = /opt/sophos-av/lib

Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide


Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld 
/usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* 
/var/lib/clamav/*.?db /var/lib/clamav/*.cvd

ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250

Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = no

ClamAV Full Message Scan = yes


Fpscand Port = 10200


Dangerous Content Scanning = yes

Allow Partial Messages = no

Allow External Message Bodies = no

Find Phishing Fraud = yes

Also Find Numeric Phishing = yes

Use Stricter Phishing Net = yes

Highlight Phishing Fraud = yes

Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf

Country Sub-Domains List = %etc-dir%/country.domains.conf

Allow IFrame Tags = disarm

Allow Form Tags = disarm

Allow Script Tags = disarm

Allow WebBugs = disarm

Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim

Known Web Bug Servers = msgtag.com

Web Bug Replacement = http://cdn.mailscanner.info/1x1spacer.gif

Allow Object Codebase Tags = disarm

Convert Dangerous HTML To Text = no

Convert HTML To Text = no



Archives Are = zip rar ole


Allow Filenames =

Deny Filenames =

Filename Rules = %etc-dir%/filename.rules.conf


Allow Filetypes =

Allow File MIME Types =

Deny Filetypes =

Deny File MIME Types =

Filetype Rules = %etc-dir%/filetype.rules.conf

Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

Default Rename Pattern = __FILENAME__.disarmed


Quarantine Infections = yes

Quarantine Silent Viruses = no

Quarantine Modified Body = no

Quarantine Whole Message = yes

Quarantine Whole Messages As Queue Files = no

Keep Spam And MCP Archive Clean = no

Language Strings = %report-dir%/languages.conf

Rejection Report = %report-dir%/rejection.report.txt

Deleted Bad Content Message Report  = 
%report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = 
%report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report         = %report-dir%/deleted.size.message.txt

Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = 
%report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report         = %report-dir%/stored.size.message.txt

Disinfected Report = %report-dir%/disinfected.report.txt

Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg

Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt

Sender Content Report      = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Sender Size Report         = %report-dir%/sender.size.report.txt

Hide Incoming Work Dir = yes

Include Scanner Name In Reports = yes


Mail Header = X-%org-name%-MailScanner:

Spam Header = X-%org-name%-MailScanner-SpamCheck:

Spam Score Header = X-%org-name%-MailScanner-SpamScore:

Information Header = X-%org-name%-MailScanner-Information:

Add Envelope From Header = yes

Add Envelope To Header = no

Envelope From Header = X-%org-name%-MailScanner-From:

Envelope To Header = X-%org-name%-MailScanner-To:

ID Header = X-%org-name%-MailScanner-ID:

IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:

Spam Score Character = s

SpamScore Number Instead Of Stars = no

Minimum Stars If On Spam List = 0

Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected

Information Header Value = Please contact the ISP for more information

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = no

Multiple Headers = append

Place New Headers At Top Of Message = no

Hostname = The %org-name% ($HOSTNAME) MailScanner

Sign Messages Already Processed = no

Sign Clean Messages = yes

Attach Image To Signature = no

Attach Image To HTML Message Only = yes

Allow Multiple HTML Signatures = no

Dont Sign HTML If Headers Exist = # In-Reply-To: References:

Mark Infected Messages = yes

Mark Unscanned Messages = yes

Unscanned Header Value = Not scanned: please contact your Internet 
E-Mail Service Provider for details

Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

Deliver Cleaned Messages = yes


Notify Senders = yes

Notify Senders Of Viruses = no

Notify Senders Of Blocked Filenames Or Filetypes = yes

Notify Senders Of Blocked Size Attachments = no

Notify Senders Of Other Blocked Content = yes

Never Notify Senders Of Precedence = list bulk


Scanned Modify Subject = no # end

Scanned Subject Text = {Scanned}

Virus Modify Subject = start

Virus Subject Text = {Virus?}

Filename Modify Subject = start

Filename Subject Text = {Filename?}

Content Modify Subject = start

Content Subject Text = {Dangerous Content?}

Size Modify Subject = start

Size Subject Text = {Size}

Disarmed Modify Subject = start

Disarmed Subject Text = {Disarmed}

Phishing Modify Subject = no

Phishing Subject Text = {Fraud?}

Spam Modify Subject = start

Spam Subject Text = {Spam?}

High Scoring Spam Modify Subject = start

High Scoring Spam Subject Text = {Spam?}


Warning Is Attachment = yes

Attachment Warning Filename = %org-name%-Attachment-Warning.txt

Attachment Encoding Charset = ISO-8859-1


Archive Mail =

Missing Mail Archive Is = directory


Send Notices = yes

Notices Include Full Headers = yes

Hide Incoming Work Dir in Notices = no

Notice Signature = -- \nMailScanner\nEmail Virus 
Scanner\nwww.mailscanner.info

Notices From = MailScanner

Notices To = postmaster

Local Postmaster = postmaster


Spam List Definitions = %etc-dir%/spam.lists.conf

Virus Scanner Definitions = %etc-dir%/virus.scanners.conf


Spam Checks = yes

Spam List = SBL+XBL

Spam Domain List =

Spam Lists To Be Spam = 1

Spam Lists To Reach High Score = 3

Spam List Timeout = 10

Max Spam List Timeouts = 7

Spam List Timeouts History = 10

Is Definitely Not Spam = &SQLWhitelist

Is Definitely Spam = &SQLBlacklist

Definite Spam Is High Scoring = no

Ignore Spam Whitelist If Recipients Exceed = 20

Max Spam Check Size = 200k



Use Watermarking = no

Add Watermark = yes

Check Watermarks With No Sender = yes

Treat Invalid Watermarks With No Sender as Spam = nothing

Check Watermarks To Skip Spam Checks = yes

Watermark Secret = %org-name%-Secret

Watermark Lifetime = 604800

Watermark Header = X-%org-name%-MailScanner-Watermark:



Use SpamAssassin = yes

Max SpamAssassin Size = 200k

Required SpamAssassin Score = 6

High SpamAssassin Score = 10

SpamAssassin Auto Whitelist = yes

SpamAssassin Timeout = 75

Max SpamAssassin Timeouts = 10

SpamAssassin Timeouts History = 30

Check SpamAssassin If On Spam List = yes

Include Binary Attachments In SpamAssassin = no

Spam Score = yes

Cache SpamAssassin Results = yes

SpamAssassin Cache Database File = 
/var/spool/MailScanner/incoming/SpamAssassin.cache.db

Rebuild Bayes Every = 0

Wait During Bayes Rebuild = no


Use Custom Spam Scanner = no

Max Custom Spam Scanner Size = 20k

Custom Spam Scanner Timeout = 20

Max Custom Spam Scanner Timeouts = 10

Custom Spam Scanner Timeout History = 20


Spam Actions = deliver header "X-Spam-Status: Yes"

High Scoring Spam Actions = store

Non Spam Actions = deliver header "X-Spam-Status: No"

SpamAssassin Rule Actions =

Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt

Inline Spam Warning = %report-dir%/inline.spam.warning.txt

Recipient Spam Report = %report-dir%/recipient.spam.report.txt

Enable Spam Bounce = %rules-dir%/bounce.rules

Bounce Spam As Attachment = no


Syslog Facility = mail

Log Speed = no

Log Spam = no

Log Non Spam = no

Log Delivery And Non-Delivery = no

Log Permitted Filenames = no

Log Permitted Filetypes = no

Log Permitted File MIME Types = no

Log Silent Viruses = no

Log Dangerous HTML Tags = no

Log SpamAssassin Rule Actions = yes


SpamAssassin Temporary Dir = 
/var/spool/MailScanner/incoming/SpamAssassin-Temp

SpamAssassin User State Dir =

SpamAssassin Install Prefix =

SpamAssassin Site Rules Dir = /etc/mail/spamassassin

SpamAssassin Local Rules Dir =

SpamAssassin Local State Dir = # /var/lib/spamassassin

SpamAssassin Default Rules Dir =


DB DSN =

DB Username =

DB Password =

SQL Serial Number =

SQL Quick Peek =

SQL Config =

SQL Ruleset =

SQL SpamAssassin Config =

SQL Debug = yes


MCP Checks = no

First Check = spam

MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no

MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt


Use Default Rules With Multiple Recipients = no

Read IP Address From Received Header = no

Spam Score Number Format = %d

MailScanner Version Number = 4.85.2

SpamAssassin Cache Timings = 1800,300,10800,172800,600

Debug = yes

Debug SpamAssassin = yes

Run In Foreground = no


Always Looked Up Last = &MailWatchLogging

Always Looked Up Last After Batch = no

Deliver In Background = yes

Delivery Method = batch

Split Exim Spool = no

Lockfile Dir = /var/spool/MailScanner/incoming/Locks

Custom Functions Dir = /usr/share/MailScanner/MailScanner/CustomFunctions

Lock Type =

Syslog Socket Type =

Automatic Syntax Check = yes

Minimum Code Status = supported

include /etc/MailScanner/conf.d/*



From Amelein at Dantumadiel.eu  Tue Oct 20 07:38:34 2015
From: Amelein at Dantumadiel.eu (Arjan Melein)
Date: Tue, 20 Oct 2015 09:38:34 +0200
Subject: Betr.: Centos new install problems
In-Reply-To: <56250B5F.50207@clarktechnical.com>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com> <56250B5F.50207@clarktechnical.com>
Message-ID: <56260B9A0200008E00034E34@GroupWise.Dantumadiel.eu>

Which systemctl script are you using ?
I have the 'old' init.d script and that works fine on CentOS 7.
It kinda sounds like you're missing 1 of the sub programs it uses to try to read the pid file, at least if you can confirm the pid actually exists.
If that doesn't exist you might be having an selinux or normal permission problem instead.

-
Arjan


>>> Tony Clark <tclark at clarktechnical.com> 19-10-2015 17:25 >>>

I am attempting to build a new Centos 7 MailScanner-Postfix-Spamassassin 
server.

I have installed most of the components, but I am getting the following 
errors on service restarts.  Can someone please help me to debug?

Thanks everyone.

MailScanner.conf below

snip snip.


From wt at dld2000.com  Tue Oct 20 11:43:19 2015
From: wt at dld2000.com (Walt Thiessen)
Date: Tue, 20 Oct 2015 07:43:19 -0400
Subject: log locations?
In-Reply-To: <56250B5F.50207@clarktechnical.com>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com> <56250B5F.50207@clarktechnical.com>
Message-ID: <562628D7.7040001@dld2000.com>

Are there any other locations for logs to check specific to MailScanner 
other than maillog?

Walt Thiessen

From tclark at clarktechnical.com  Tue Oct 20 11:47:23 2015
From: tclark at clarktechnical.com (Tony Clark)
Date: Tue, 20 Oct 2015 07:47:23 -0400
Subject: Betr.: Centos new install problems
In-Reply-To: <56260B9A0200008E00034E34@GroupWise.Dantumadiel.eu>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com> <56250B5F.50207@clarktechnical.com>
 <56260B9A0200008E00034E34@GroupWise.Dantumadiel.eu>
Message-ID: <562629CB.6020601@clarktechnical.com>


I'm using whatever default came with Centos7/MailScanner.

I simply launched 'service MailScanner start'


On 10/20/2015 3:38 AM, Arjan Melein wrote:
> Which systemctl script are you using ?
> I have the 'old' init.d script and that works fine on CentOS 7.
> It kinda sounds like you're missing 1 of the sub programs it uses to try to read the pid file, at least if you can confirm the pid actually exists.
> If that doesn't exist you might be having an selinux or normal permission problem instead.
>
> -
> Arjan
>
>
>>>>
>
> I am attempting to build a new Centos 7 MailScanner-Postfix-Spamassassin
> server.
>
> I have installed most of the components, but I am getting the following
> errors on service restarts.  Can someone please help me to debug?
>
> Thanks everyone.
>
> MailScanner.conf below
>
> snip snip.
>
>
>

From Amelein at Dantumadiel.eu  Tue Oct 20 14:06:19 2015
From: Amelein at Dantumadiel.eu (Arjan Melein)
Date: Tue, 20 Oct 2015 16:06:19 +0200
Subject: Betr.: Centos new install problems
In-Reply-To: <562629CB.6020601@clarktechnical.com>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com> <56250B5F.50207@clarktechnical.com>
 <56260B9A0200008E00034E34@GroupWise.Dantumadiel.eu>
 <562629CB.6020601@clarktechnical.com>
Message-ID: <5626667B0200008E00034E8F@GroupWise.Dantumadiel.eu>

Did you check if the pid actually exists ?
I'm running MS 4.85.2 on my Centos 7 server, I did turn off selinux but I forgot the specific reason.
I'm assuming it actually starts but just fails to read the PID, if it doesn't start at all try MailScanner --debug --lint


>>> Tony Clark <tclark at clarktechnical.com> 20-10-2015 13:47 >>>

I'm using whatever default came with Centos7/MailScanner.

I simply launched 'service MailScanner start'



From alex at vidadigital.com.pa  Tue Oct 20 15:21:48 2015
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Tue, 20 Oct 2015 10:21:48 -0500
Subject: log locations?
In-Reply-To: <562628D7.7040001@dld2000.com>
References: <55D78261.3000507@clarktechnical.com>
 <57645.31e55212.1440214305.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDB8B@XMBX06.sti.usherbrooke.ca>
 <CAGDKorJ-azK3TNcGcg4tF3aLc1pkY5Z37K93THMaHoebJ_-54g@mail.gmail.com>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDBE3@XMBX06.sti.usherbrooke.ca>
 <49166.31e67e7f.1440427236.nsm@mail.fumlersoft.dk>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDCE6@XMBX06.sti.usherbrooke.ca>
 <E4CD9F6A1A6FF745BCABA56BBD1008D50124FFDD24@XMBX06.sti.usherbrooke.ca>
 <55DDB3E4.60004@clarktechnical.com>
 <0DDCE70F-C744-45A0-92DA-2B017B922E7B@mailborder.com>
 <55DDFC21.8040009@clarktechnical.com> <56250B5F.50207@clarktechnical.com>
 <562628D7.7040001@dld2000.com>
Message-ID: <8F285320-5C1C-482F-8359-E3A8A1450483@vidadigital.com.pa>

/var/log/messages for stuff that happens “processwise".

> On Oct 20, 2015, at 6:43 AM, Walt Thiessen <wt at dld2000.com> wrote:
> 
> Are there any other locations for logs to check specific to MailScanner other than maillog?
> 
> Walt Thiessen
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151020/4e816c8e/attachment.html>

From gao at pztop.com  Tue Oct 20 17:38:45 2015
From: gao at pztop.com (Gao)
Date: Tue, 20 Oct 2015 10:38:45 -0700
Subject: Drop email relayed from backup mail server with non-exist recipient
 address
Message-ID: <56267C25.1040201@pztop.com>

Hi list,

I have a backup email server to relay emails to the main server when it 
received emails. I configured it only relay the domain I defined and 
discard all other domains. For example, an email to abc at mydomain.tld get 
relayed to the main server, others like to abc at xyz.tld will get refused.

But I see lots spam emails come to my backup server with wrong user 
account, like fakename-1 at mydomain.tld, fakename-2 at mydomain.tld.,etc. 
Those emails also get relayed to the main server. It cause the main 
server send out rejection emails to the spammer - and most likely the 
FROM address is a fake email address as well.

So I want to add a rule to postfix or MailScanner: If the email is from 
my backup server with IP A.B.C.D, and the recipient address is not found 
in our virtual user table, the just drop the email.

I googled and read POSTFIX doc and could not figure out a way to 
accomplish this. Could you please help me?

Thanks a lot.

Gao

From alex at vidadigital.com.pa  Tue Oct 20 17:56:25 2015
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 20 Oct 2015 12:56:25 -0500
Subject: Drop email relayed from backup mail server with non-exist
 recipient address
In-Reply-To: <56267C25.1040201@pztop.com>
References: <56267C25.1040201@pztop.com>
Message-ID: <CANyE0Po9HoDsRGmXfXWdFnTM+5URTyOhyxPb2o=UXJHSPRVoQw@mail.gmail.com>

You shouldn't do that. You should have the backup server look up the
addresses either in real time using LDAP or through some sync mechanism.
Otherwise you're not only breaking the way it's supposed to work (550
errors for nonexistent addresses), you're paying for bandwidth you're not
using and allowing spammers to thrive.



[image: logo]
*Alex Neuman van der Hans* *Producer/Host**, Vida Digital*
+1 (440) 253-9789 <+1+(440)+253-9789> | +507 6781-9505 <+507+6781-9505> |
Panama |alex at vidadigital.com.pa | http://vidadigital.com.pa/ |Skype:
alexneuman
<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Ffacebook.com%2Fvidadigital&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fpa.linkedin.com%2Fin%2Falexneuman&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fpinterest.com%2Fvidadigital&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fyoutube.com%2Fuser%2Freliantpty&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fvidadigital.com.pa.wordpress.com%2F&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Famazon.com%2F%3Ftag%3Dvidadigi-20&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fskype%3Aalexneuman%2F%3Fcall%26topic%3DSignature&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

<http://t.sidekickopen23.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fwhatsapp%2F%2Fsend%3Ftext%3DHello&si=5887134288314368&pi=86a5113e-6ddd-4c09-e74d-11d7a443c35d>

On Tue, Oct 20, 2015 at 12:38 PM, Gao <gao at pztop.com> wrote:

> Hi list,
>
> I have a backup email server to relay emails to the main server when it
> received emails. I configured it only relay the domain I defined and
> discard all other domains. For example, an email to abc at mydomain.tld get
> relayed to the main server, others like to abc at xyz.tld will get refused.
>
> But I see lots spam emails come to my backup server with wrong user
> account, like fakename-1 at mydomain.tld, fakename-2 at mydomain.tld.,etc.
> Those emails also get relayed to the main server. It cause the main server
> send out rejection emails to the spammer - and most likely the FROM address
> is a fake email address as well.
>
> So I want to add a rule to postfix or MailScanner: If the email is from my
> backup server with IP A.B.C.D, and the recipient address is not found in
> our virtual user table, the just drop the email.
>
> I googled and read POSTFIX doc and could not figure out a way to
> accomplish this. Could you please help me?
>
> Thanks a lot.
>
> Gao
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151020/9e1090f0/attachment.html>

From mailscanner at gojensen.no  Wed Oct 21 08:05:47 2015
From: mailscanner at gojensen.no (gojensen)
Date: Wed, 21 Oct 2015 10:05:47 +0200
Subject: RDNS_NONE hits when it shouldn't
Message-ID: <5627475B.4080608@gojensen.no>

Hi!

We sometimes have issues with mail being flagged because of the 
RDNS_NONE (Delivered to internal network by a host with no rDNS).

In essence this means that the senders IP address has no correct DNS 
setup. However, when we try do nslookup on the mailscanner machine with 
those IP addresses they resolve just fine.

I.e. it seems to be mailscanner or it's part that can't do the lookup 
properly? It was my understanding that mailscanner just used the parts 
of the OS to do this so I'm a bit confused as to why this is an issue.

We're running 4.85.2 on Ubuntu 14.04.2 LTS with local dns caching 
(dnsmasq) with "forwards" to our ISPs DNS and Google DNS, and as I said 
- checking those IPs locally from the shell works just fine. And yes 
nslookup uses localhost as it's server.

-- 
// gojensen

From mark at msapiro.net  Wed Oct 21 16:12:51 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Oct 2015 09:12:51 -0700
Subject: RDNS_NONE hits when it shouldn't
In-Reply-To: <5627475B.4080608@gojensen.no>
References: <5627475B.4080608@gojensen.no>
Message-ID: <5627B983.2060606@msapiro.net>

On 10/21/2015 01:05 AM, gojensen wrote:
> 
> We sometimes have issues with mail being flagged because of the
> RDNS_NONE (Delivered to internal network by a host with no rDNS).
> 
> In essence this means that the senders IP address has no correct DNS
> setup. However, when we try do nslookup on the mailscanner machine with
> those IP addresses they resolve just fine.


That is not the issue.

A properly configured mail server will identify itself in HELO or EHLO
as say example.com.

dig A example.com

(or nslookup) will return 111.222.333.444 as the IP address of
example.com and this should be the IP address of the connecting server.
Then rDNS

dig -x 111.222.333.444

should return a PTR record back to example.com. RDNS_NONE says that
there is no PTR record in DNS for 444.333.222.111.in-addr.arpa.

See <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dave at jonesol.com  Wed Oct 21 17:48:48 2015
From: dave at jonesol.com (Dave Jones)
Date: Wed, 21 Oct 2015 12:48:48 -0500
Subject: RDNS_NONE hits when it shouldn't
In-Reply-To: <5627B983.2060606@msapiro.net>
References: <5627475B.4080608@gojensen.no>
	<5627B983.2060606@msapiro.net>
Message-ID: <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>

Correct.  Some mail admins know to get the PTR record setup but they
don't know about the forward lookup part of FCrDNS ("caller ID" for
sending mail servers).  This makes it important to setup a dedicated A
record and IP/1-to1 NAT for your sending/outbound mail server so you
can get all 3 pieces of information (SMTP HELO -> A record -> PTR
record back to the HELO) to line up.  It's possible to get them to
line up without a dedicated IP or 1-to-1 NAT but I have seen many
outbound servers use "mail.example.com" as their HELO on IP
11.22.33.44 but they are using that same hostname/URL for webmail or
something on IP 11.22.33.55 so only 2 of the 3 parts line up.
Dave

On Wed, Oct 21, 2015 at 11:12 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On 10/21/2015 01:05 AM, gojensen wrote:
>>
>> We sometimes have issues with mail being flagged because of the
>> RDNS_NONE (Delivered to internal network by a host with no rDNS).
>>
>> In essence this means that the senders IP address has no correct DNS
>> setup. However, when we try do nslookup on the mailscanner machine with
>> those IP addresses they resolve just fine.
>
>
> That is not the issue.
>
> A properly configured mail server will identify itself in HELO or EHLO
> as say example.com.
>
> dig A example.com
>
> (or nslookup) will return 111.222.333.444 as the IP address of
> example.com and this should be the IP address of the connecting server.
> Then rDNS
>
> dig -x 111.222.333.444
>
> should return a PTR record back to example.com. RDNS_NONE says that
> there is no PTR record in DNS for 444.333.222.111.in-addr.arpa.
>
> See <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>

From wt at dld2000.com  Wed Oct 21 21:57:32 2015
From: wt at dld2000.com (Walt Thiessen)
Date: Wed, 21 Oct 2015 17:57:32 -0400
Subject: forwarded emails
In-Reply-To: <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
Message-ID: <56280A4C.4030304@dld2000.com>

How does MailScanner handle forwarded emails?

For instance, let's say that joe at domain.tld sends an email to 
bill at domain.tld. Bill has bill at domain.tld set up to forward to 
billyboy at domain.tld.

If there is a whitelist rule that whitelists emails from joe at domain.tld 
to billyboy at domain.tld, will this particular forwarded email get 
delivered due to that whitelist rule?

From kevin.miller at juneau.org  Wed Oct 21 22:06:29 2015
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 21 Oct 2015 22:06:29 +0000
Subject: forwarded emails
In-Reply-To: <56280A4C.4030304@dld2000.com>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
 <56280A4C.4030304@dld2000.com>
Message-ID: <f8b89989729b4437912b853ec3538db7@City-Exch-DB2.cbj.local>

I would expect it to. 

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357


-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Walt Thiessen
Sent: Wednesday, October 21, 2015 1:58 PM
To: MailScanner Discussion
Subject: forwarded emails

How does MailScanner handle forwarded emails?

For instance, let's say that joe at domain.tld sends an email to bill at domain.tld. Bill has bill at domain.tld set up to forward to billyboy at domain.tld.

If there is a whitelist rule that whitelists emails from joe at domain.tld to billyboy at domain.tld, will this particular forwarded email get delivered due to that whitelist rule?


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


From mark at msapiro.net  Wed Oct 21 22:47:10 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Oct 2015 15:47:10 -0700
Subject: forwarded emails
In-Reply-To: <56280A4C.4030304@dld2000.com>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
 <56280A4C.4030304@dld2000.com>
Message-ID: <562815EE.8060108@msapiro.net>

On 10/21/2015 02:57 PM, Walt Thiessen wrote:
> How does MailScanner handle forwarded emails?
> 
> For instance, let's say that joe at domain.tld sends an email to
> bill at domain.tld. Bill has bill at domain.tld set up to forward to
> billyboy at domain.tld.
> 
> If there is a whitelist rule that whitelists emails from joe at domain.tld
> to billyboy at domain.tld, will this particular forwarded email get
> delivered due to that whitelist rule?


I don't think so. MailScanner looks at the sender and recipient of the
message as it arrives at the MTA. MailScanner knows nothing about the
subsequent forward that might occur. It is not until the MTA attempts to
deliver the mail to bill at domain.tld (after MailScanner has processed it)
that it will find the .forward and redirect the mail to billyboy at domain.tld.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kevin.miller at juneau.org  Wed Oct 21 22:58:32 2015
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 21 Oct 2015 22:58:32 +0000
Subject: forwarded emails
In-Reply-To: <562815EE.8060108@msapiro.net>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
 <56280A4C.4030304@dld2000.com> <562815EE.8060108@msapiro.net>
Message-ID: <3e947e997c86400d9cdf827ee9c03eef@City-Exch-DB2.cbj.local>

I figured that the forwarding would happen before MailScanner gets involved.  I.e., in their virtuserfile or whatever passes for that if not using sendmail.
I gotta wonder though why one needs to whitelist users on the same system.  Blacklisting a problem user might make sense, but I'm not sure what the actual application is here.  No matter though - to each their own...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357


-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Wednesday, October 21, 2015 2:47 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: forwarded emails

On 10/21/2015 02:57 PM, Walt Thiessen wrote:
> How does MailScanner handle forwarded emails?
> 
> For instance, let's say that joe at domain.tld sends an email to 
> bill at domain.tld. Bill has bill at domain.tld set up to forward to 
> billyboy at domain.tld.
> 
> If there is a whitelist rule that whitelists emails from 
> joe at domain.tld to billyboy at domain.tld, will this particular forwarded 
> email get delivered due to that whitelist rule?


I don't think so. MailScanner looks at the sender and recipient of the message as it arrives at the MTA. MailScanner knows nothing about the subsequent forward that might occur. It is not until the MTA attempts to deliver the mail to bill at domain.tld (after MailScanner has processed it) that it will find the .forward and redirect the mail to billyboy at domain.tld.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


From mark at msapiro.net  Wed Oct 21 23:25:47 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Oct 2015 16:25:47 -0700
Subject: forwarded emails
In-Reply-To: <3e947e997c86400d9cdf827ee9c03eef@City-Exch-DB2.cbj.local>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
 <56280A4C.4030304@dld2000.com> <562815EE.8060108@msapiro.net>
 <3e947e997c86400d9cdf827ee9c03eef@City-Exch-DB2.cbj.local>
Message-ID: <56281EFB.3050900@msapiro.net>

On 10/21/2015 03:58 PM, Kevin Miller wrote:
> I figured that the forwarding would happen before MailScanner gets involved.  I.e., in their virtuserfile or whatever passes for that if not using sendmail.


I'm not sure about sendmail or other non-Postfix MTAs which is why I
said "I don't think so.".

However, for Postfix, MailScanner processes the message before any
virtual mappings, aliases, .forwards, etc. are applied. With Postfix, at
least with the recommended configuration, the incoming message is
immediately placed in the HOLD queue. It is then processed by
MailScanner and if it passes MailScanner, it is requeued in Postfix's
INCOMING queue and only then is vitrual mapping, aliasing, etc applied.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kevin.miller at juneau.org  Wed Oct 21 23:31:37 2015
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 21 Oct 2015 23:31:37 +0000
Subject: forwarded emails
In-Reply-To: <56281EFB.3050900@msapiro.net>
References: <5627475B.4080608@gojensen.no> <5627B983.2060606@msapiro.net>
 <CAJmnxLWTJ_wfhqbJOHVymE7obCK86JfarpEYFkgBN44ghG9pRg@mail.gmail.com>
 <56280A4C.4030304@dld2000.com> <562815EE.8060108@msapiro.net>
 <3e947e997c86400d9cdf827ee9c03eef@City-Exch-DB2.cbj.local>
 <56281EFB.3050900@msapiro.net>
Message-ID: <d3e347f6b2de4cccab67a794e0799f72@City-Exch-DB2.cbj.local>

Thanks for the clarification - that makes sense.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357


-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Wednesday, October 21, 2015 3:26 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: forwarded emails

On 10/21/2015 03:58 PM, Kevin Miller wrote:
> I figured that the forwarding would happen before MailScanner gets involved.  I.e., in their virtuserfile or whatever passes for that if not using sendmail.


I'm not sure about sendmail or other non-Postfix MTAs which is why I said "I don't think so.".

However, for Postfix, MailScanner processes the message before any virtual mappings, aliases, .forwards, etc. are applied. With Postfix, at least with the recommended configuration, the incoming message is immediately placed in the HOLD queue. It is then processed by MailScanner and if it passes MailScanner, it is requeued in Postfix's INCOMING queue and only then is vitrual mapping, aliasing, etc applied.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


From marek.gorny at bolix.pl  Sat Oct 24 18:02:43 2015
From: marek.gorny at bolix.pl (=?iso-8859-2?Q?Marek_G=F3rny?=)
Date: Sat, 24 Oct 2015 18:02:43 +0000
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
Message-ID: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>

He
Glad to be here, my first mail so Welcome Everyone.
I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
My system is SUSE 13.1 with postfix 2.9.6
My configuration and installation log is in attachments
I used install.sh script with optin to skip install MTA (i already have postfix installed)


Regards
Marek Górny

[Bolix]

Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.

[Bolix_Kampania] <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>



________________________________

Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697

UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.

[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/46ab1621/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mailscanner-install.log
Type: application/octet-stream
Size: 230604 bytes
Desc: mailscanner-install.log
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/46ab1621/attachment-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Version.txt
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/46ab1621/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: lint.txt
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/46ab1621/attachment-0003.txt>

From jerry.benton at mailborder.com  Sat Oct 24 18:36:27 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sat, 24 Oct 2015 14:36:27 -0400
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
Message-ID: <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>

Did you use the install script or did you just install the RPM?


-
Jerry Benton
www.mailborder.com



> On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl> wrote:
> 
> He
> Glad to be here, my first mail so Welcome Everyone.
> I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
> My system is SUSE 13.1 with postfix 2.9.6
> My configuration and installation log is in attachments
> I used install.sh script with optin to skip install MTA (i already have postfix installed)
>  
>  
> Regards
> Marek Górny
> 
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
> 
> 
>  
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> 
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
> 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> 
> <mailscanner-install.log><Version.txt><lint.txt>
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/2a30035f/attachment.html>

From marek.gorny at bolix.pl  Sat Oct 24 18:38:59 2015
From: marek.gorny at bolix.pl (=?utf-8?B?TWFyZWsgR8Ozcm55?=)
Date: Sat, 24 Oct 2015 18:38:59 +0000
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
Message-ID: <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>

I used install.sh script

Marek Górny

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 8:36 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

Did you use the install script or did you just install the RPM?


-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

He
Glad to be here, my first mail so Welcome Everyone.
I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
My system is SUSE 13.1 with postfix 2.9.6
My configuration and installation log is in attachments
I used install.sh script with optin to skip install MTA (i already have postfix installed)


Regards
Marek Górny
[Bolix]
Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
[Bolix_Kampania]<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>


<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>

________________________________
Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.
[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
<mailscanner-install.log><Version.txt><lint.txt>

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner


[Bolix]

Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.

[Bolix_Kampania] <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>



________________________________

Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697

UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.

[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/9fcc8a9c/attachment.html>

From jerry.benton at mailborder.com  Sat Oct 24 18:40:49 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sat, 24 Oct 2015 14:40:49 -0400
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
 <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
Message-ID: <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>

What is the error return when you try to install the RPM? (Don’t use the install script again, just try to install the RPM)

-
Jerry Benton
www.mailborder.com



> On Oct 24, 2015, at 2:38 PM, Marek Górny <marek.gorny at bolix.pl> wrote:
> 
> I used install.sh script
>  
> Marek Górny
>  
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Saturday, October 24, 2015 8:36 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>  
> Did you use the install script or did you just install the RPM?
>  
> 
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com/>
>  
>  
>  
> On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl <mailto:marek.gorny at bolix.pl>> wrote:
>  
> He
> Glad to be here, my first mail so Welcome Everyone.
> I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
> My system is SUSE 13.1 with postfix 2.9.6
> My configuration and installation log is in attachments
> I used install.sh script with optin to skip install MTA (i already have postfix installed)
>  
>  
> Regards
> Marek Górny
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> 
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> <mailscanner-install.log><Version.txt><lint.txt>
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
>  
> 
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
> 
> 
>  
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> 
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
> 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/d4a7cd76/attachment.html>

From marek.gorny at bolix.pl  Sat Oct 24 19:09:47 2015
From: marek.gorny at bolix.pl (=?utf-8?B?TWFyZWsgR8Ozcm55?=)
Date: Sat, 24 Oct 2015 19:09:47 +0000
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
 <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
 <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>
Message-ID: <3d66fd3781424b5b8ff0b0087e344524@BolixEx2.bolix.local>

So all packages listed below are needed before installation<http://www.bing.com/search?q=so+packages+listed+below+are+needed+before+installation&FORM=AWRE>?


mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh mailscanner-4.85.2-3.noarch.rpm
warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a7bad773: NOKEY
error: Failed dependencies:
        man-pages is needed by mailscanner-4.85.2-3.noarch
        man-pages-overrides is needed by mailscanner-4.85.2-3.noarch
        perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
        perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
        zip is needed by mailscanner-4.85.2-3.noarch

Marek Górny
Specjalista ds. informatyki/
IT Specialist
GSM.: +48 606 775 440
Tel.:  +48 33 475 06 45
Fax.:  +48 33 475 06 12
E-mail: marek.gorny at bolix.pl<mailto:marek.zajac at bolix.pl>
www.bolix.pl<http://www.bolix.pl>
www.bolixhd.pl<http://www.bolixhd.pl>
www.ocieplenia.com.pl<http://www.ocieplenia.com.pl>

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 8:41 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

What is the error return when you try to install the RPM? (Don’t use the install script again, just try to install the RPM)

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Oct 24, 2015, at 2:38 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

I used install.sh script

Marek Górny

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 8:36 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

Did you use the install script or did you just install the RPM?


-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

He
Glad to be here, my first mail so Welcome Everyone.
I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
My system is SUSE 13.1 with postfix 2.9.6
My configuration and installation log is in attachments
I used install.sh script with optin to skip install MTA (i already have postfix installed)


Regards
Marek Górny
[Bolix]
Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
[Bolix_Kampania]<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>


<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>

________________________________
Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.
[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
<mailscanner-install.log><Version.txt><lint.txt>

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner

[Bolix]
Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
[Bolix_Kampania]<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>


<http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>

________________________________
Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.
[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner


[Bolix]

Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.

[Bolix_Kampania] <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>



________________________________

Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697

UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.

[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/400908b2/attachment-0001.html>

From jerry.benton at mailborder.com  Sat Oct 24 19:14:28 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sat, 24 Oct 2015 15:14:28 -0400
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <3d66fd3781424b5b8ff0b0087e344524@BolixEx2.bolix.local>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
 <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
 <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>
 <3d66fd3781424b5b8ff0b0087e344524@BolixEx2.bolix.local>
Message-ID: <7A8F316B-46B3-4C4A-B189-5F3ABB066E25@mailborder.com>

Yes.

-
Jerry Benton
www.mailborder.com



> On Oct 24, 2015, at 3:09 PM, Marek Górny <marek.gorny at bolix.pl> wrote:
> 
> So all packages listed below are needed before installation <http://www.bing.com/search?q=so+packages+listed+below+are+needed+before+installation&FORM=AWRE>?
>  
>  
> mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh mailscanner-4.85.2-3.noarch.rpm
> warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a7bad773: NOKEY
> error: Failed dependencies:
>         man-pages is needed by mailscanner-4.85.2-3.noarch
>         man-pages-overrides is needed by mailscanner-4.85.2-3.noarch
>         perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
>         perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
>         zip is needed by mailscanner-4.85.2-3.noarch
>  
> Marek Górny
> Specjalista ds. informatyki/
> IT Specialist
> GSM.: +48 606 775 440
> Tel.:  +48 33 475 06 45
> Fax.:  +48 33 475 06 12
> E-mail: marek.gorny at bolix.pl <mailto:marek.zajac at bolix.pl>
> www.bolix.pl <http://www.bolix.pl/>
> www.bolixhd.pl <http://www.bolixhd.pl/>
> www.ocieplenia.com.pl <http://www.ocieplenia.com.pl/>
>  
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Saturday, October 24, 2015 8:41 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>  
> What is the error return when you try to install the RPM? (Don’t use the install script again, just try to install the RPM)
> 
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com/>
>  
>  
>  
> On Oct 24, 2015, at 2:38 PM, Marek Górny <marek.gorny at bolix.pl <mailto:marek.gorny at bolix.pl>> wrote:
>  
> I used install.sh script
>  
> Marek Górny
>  
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info <mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Jerry Benton
> Sent: Saturday, October 24, 2015 8:36 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>>
> Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>  
> Did you use the install script or did you just install the RPM?
>  
> 
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com/>
>  
>  
>  
> On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl <mailto:marek.gorny at bolix.pl>> wrote:
>  
> He
> Glad to be here, my first mail so Welcome Everyone.
> I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
> My system is SUSE 13.1 with postfix 2.9.6
> My configuration and installation log is in attachments
> I used install.sh script with optin to skip install MTA (i already have postfix installed)
>  
>  
> Regards
> Marek Górny
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> 
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> <mailscanner-install.log><Version.txt><lint.txt>
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
>  
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> 
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>  
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
>  
> 
> 
> Bolix SA
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej, 
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.
> 
> 
>  
>  <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej, 
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego 
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
> 
> UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.
> 
> ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer. 
> 
>  Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/5ec3f4ec/attachment.html>

From marek.gorny at bolix.pl  Sat Oct 24 20:19:44 2015
From: marek.gorny at bolix.pl (=?utf-8?B?TWFyZWsgR8Ozcm55?=)
Date: Sat, 24 Oct 2015 20:19:44 +0000
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <7A8F316B-46B3-4C4A-B189-5F3ABB066E25@mailborder.com>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
 <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
 <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>
 <3d66fd3781424b5b8ff0b0087e344524@BolixEx2.bolix.local>
 <7A8F316B-46B3-4C4A-B189-5F3ABB066E25@mailborder.com>
Message-ID: <98ef0c7288ac4d159fe9cac06ac4776b@BolixEx2.bolix.local>

During RPM install still  looking for modules which are already installed?

mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh
QuickInstall-SuSE.txt            README                           install.sh                       mailscanner-4.85.2-3.noarch.rpm
mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh mailscanner-4.85.2-3.noarch.rpm
warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a7bad773: NOKEY
error: Failed dependencies:
        perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
        perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch


cpan[1]> install Inline::C
Reading '/root/.cpan/Metadata'
  Database was generated on Sat, 24 Oct 2015 16:17:02 GMT
Inline::C is up to date (0.76).

cpan[2]> install Mail::IMAPClient
Mail::IMAPClient is up to date (3.37).

cpan[3]> exit
Terminal does not support GetHistory.
Lockfile removed.
mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -i mailscanner-4.85.2-3.noarch.rpm
warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a7bad773: NOKEY
error: Failed dependencies:
        perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
        perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch

Marek Górny

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 9:14 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

Yes.

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Oct 24, 2015, at 3:09 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

So all packages listed below are needed before installation<http://www.bing.com/search?q=so+packages+listed+below+are+needed+before+installation&FORM=AWRE>?


mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh mailscanner-4.85.2-3.noarch.rpm
warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a7bad773: NOKEY
error: Failed dependencies:
        man-pages is needed by mailscanner-4.85.2-3.noarch
        man-pages-overrides is needed by mailscanner-4.85.2-3.noarch
        perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
        perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
        zip is needed by mailscanner-4.85.2-3.noarch

Marek Górny
Specjalista ds. informatyki/
IT Specialist
GSM.: +48 606 775 440
Tel.:  +48 33 475 06 45
Fax.:  +48 33 475 06 12
E-mail: marek.gorny at bolix.pl<mailto:marek.zajac at bolix.pl>
www.bolix.pl<http://www.bolix.pl/>
www.bolixhd.pl<http://www.bolixhd.pl/>
www.ocieplenia.com.pl<http://www.ocieplenia.com.pl/>

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 8:41 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

What is the error return when you try to install the RPM? (Don’t use the install script again, just try to install the RPM)

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



On Oct 24, 2015, at 2:38 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

I used install.sh script

Marek Górny

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, October 24, 2015 8:36 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Subject: Re: upgrade MailScanner 4.84.6 to 4.85.2-3

Did you use the install script or did you just install the RPM?


-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl<mailto:marek.gorny at bolix.pl>> wrote:

He
Glad to be here, my first mail so Welcome Everyone.
I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
My system is SUSE 13.1 with postfix 2.9.6
My configuration and installation log is in attachments
I used install.sh script with optin to skip install MTA (i already have postfix installed)


[Bolix]

Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
specjalizującym się w produkcji systemów elewacyjnych.
Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości rozwiązań budowlanych.

[Bolix_Kampania] <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>



________________________________

Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697

UWAGA: Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub podmiotu, do którego jest zaadresowana i może zawierać treści chronione przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie nadawcy i usunięcie tego materiału z komputera.

ATTENTION:  The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.

[Las] Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider the Environment before printing this Email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151024/1a38fd07/attachment-0001.html>

From mailscanner at replies.cyways.com  Sat Oct 24 20:33:55 2015
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Sat, 24 Oct 2015 16:33:55 -0400
Subject: upgrade MailScanner 4.84.6 to 4.85.2-3
In-Reply-To: <98ef0c7288ac4d159fe9cac06ac4776b@BolixEx2.bolix.local>
References: <611b776ed6a34fe5b9a9ea752371a4a2@BolixEx2.bolix.local>
 <163C0EE9-C649-4522-A705-5C181EBBF517@mailborder.com>
 <d76ec64eaf634fb0a1556461ab553a5d@BolixEx2.bolix.local>
 <996709BA-EF17-4F94-A184-CA6C150CECB1@mailborder.com>
 <3d66fd3781424b5b8ff0b0087e344524@BolixEx2.bolix.local>
 <7A8F316B-46B3-4C4A-B189-5F3ABB066E25@mailborder.com>
 <98ef0c7288ac4d159fe9cac06ac4776b@BolixEx2.bolix.local>
Message-ID: <562BEB33.7030302@replies.cyways.com>

I don't know if an RPM is going to notice modules installed via CPAN.  I 
always use the RPM versions of missing modules like perl-Inline and 
perl-Mail-IMAPClient:

http://pkgs.org/centos-6/repoforge-i386/perl-Inline-0.45-1.el6.rf.noarch.rpm.html

http://pkgs.org/download/perl-Mail-IMAPClient

Peter


On 10/24/2015 04:19 PM, Marek Górny wrote:
> During RPM install still  looking for modules which are already installed?
>
> mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh
>
> QuickInstall-SuSE.txt            README
> install.sh                       mailscanner-4.85.2-3.noarch.rpm
>
> mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh
> mailscanner-4.85.2-3.noarch.rpm
>
> warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID
> a7bad773: NOKEY
>
> error: Failed dependencies:
>
>          perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
>
>          perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
>
> cpan[1]> install Inline::C
>
> Reading '/root/.cpan/Metadata'
>
>    Database was generated on Sat, 24 Oct 2015 16:17:02 GMT
>
> Inline::C is up to date (0.76).
>
> cpan[2]> install Mail::IMAPClient
>
> Mail::IMAPClient is up to date (3.37).
>
> cpan[3]> exit
>
> Terminal does not support GetHistory.
>
> Lockfile removed.
>
> mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -i
> mailscanner-4.85.2-3.noarch.rpm
>
> warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID
> a7bad773: NOKEY
>
> error: Failed dependencies:
>
>          perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
>
>          perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
>
> *Marek Górny*
>
> *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On
> Behalf Of *Jerry Benton
> *Sent:* Saturday, October 24, 2015 9:14 PM
> *To:* MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Subject:* Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>
> Yes.
>
>
> -
>
> Jerry Benton
>
> www.mailborder.com <http://www.mailborder.com>
>
>     On Oct 24, 2015, at 3:09 PM, Marek Górny <marek.gorny at bolix.pl
>     <mailto:marek.gorny at bolix.pl>> wrote:
>
>     So all packages listed below are needed before installation
>     <http://www.bing.com/search?q=so+packages+listed+below+are+needed+before+installation&FORM=AWRE>?
>
>     mail:/home/margor/pakiety/MailScanner-4.85.2-3 # rpm -ivh
>     mailscanner-4.85.2-3.noarch.rpm
>
>     warning: mailscanner-4.85.2-3.noarch.rpm: Header V3 DSA/SHA1 Signature,
>     key ID a7bad773: NOKEY
>
>     error: Failed dependencies:
>
>              man-pages is needed by mailscanner-4.85.2-3.noarch
>
>              man-pages-overrides is needed by mailscanner-4.85.2-3.noarch
>
>              perl(Inline::C) is needed by mailscanner-4.85.2-3.noarch
>
>              perl(Mail::IMAPClient) is needed by mailscanner-4.85.2-3.noarch
>
>              zip is needed by mailscanner-4.85.2-3.noarch
>
>     *Marek Górny*
>
>     *Specjalista****ds.**informatyki**/*
>
>     *IT Specialist*
>
>     GSM.: +48 606 775 440
>
>     Tel.:  +48 33 475 06 45
>
>     Fax.:  +48 33 475 06 12
>
>     E-mail:marek.gorny at bolix.pl <mailto:marek.zajac at bolix.pl>
>
>     www.bolix.pl <http://www.bolix.pl/>
>
>     www.bolixhd.pl <http://www.bolixhd.pl/>
>
>     www.ocieplenia.com.pl <http://www.ocieplenia.com.pl/>
>
>     *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info]*On
>     Behalf Of*Jerry Benton
>     *Sent:*Saturday, October 24, 2015 8:41 PM
>     *To:*MailScanner Discussion <mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>>
>     *Subject:*Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>
>     What is the error return when you try to install the RPM? (Don’t use the
>     install script again, just try to install the RPM)
>
>
>     -
>
>     Jerry Benton
>
>     www.mailborder.com <http://www.mailborder.com/>
>
>         On Oct 24, 2015, at 2:38 PM, Marek Górny <marek.gorny at bolix.pl
>         <mailto:marek.gorny at bolix.pl>> wrote:
>
>         I used install.sh script
>
>         *Marek Górny*
>
>         *From:*MailScanner
>         [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf Of*Jerry
>         Benton
>         *Sent:*Saturday, October 24, 2015 8:36 PM
>         *To:*MailScanner Discussion <mailscanner at lists.mailscanner.info
>         <mailto:mailscanner at lists.mailscanner.info>>
>         *Subject:*Re: upgrade MailScanner 4.84.6 to 4.85.2-3
>
>         Did you use the install script or did you just install the RPM?
>
>
>         -
>
>         Jerry Benton
>
>         www.mailborder.com <http://www.mailborder.com/>
>
>             On Oct 24, 2015, at 2:02 PM, Marek Górny <marek.gorny at bolix.pl
>             <mailto:marek.gorny at bolix.pl>> wrote:
>
>             He
>
>             Glad to be here, my first mail so Welcome Everyone.
>
>             I try to upgrade MailScanner  4.84.6 to 4.85.2-3 and have some errors.
>
>             My system is SUSE 13.1 with postfix 2.9.6
>
>             My configuration and installation log is in attachments
>
>             I used install.sh script with optin to skip install MTA (i already
>             have postfix installed)
>
> Bolix
>
> *Bolix SA*
> Ul. Stolarska 8
> 34-300 Żywiec, Poland
> Bolix S.A. jest wiodącym polskim producentem chemii budowlanej,
> specjalizującym się w produkcji systemów elewacyjnych.
> Marka BOLIX istnieje już od 1991 roku i jest synonimem najwyższej jakości
> rozwiązań budowlanych.
>
> Bolix_Kampania
>
> <http://www.chemiabudowlana.info/rankingi/ranking_producentow_systemow_ocieplen_2015/index>
>
> ------------------------------------------------------------------------------
>
> Nr KRS: 0000230009  - Sąd Rejonowy w Bielsku-Białej,
> VIII Wydział Gospodarczy Krajowego Rejestru Sądowego
> Kapitał zakładowy: 10 000 000 zł.; REGON: 015433210; NIP: 526-26-85-697
>
> *UWAGA: *Niniejsza korespondencja przeznaczona jest wyłącznie dla osoby lub
> podmiotu, do którego jest zaadresowana i może zawierać treści chronione
> przepisami prawa. Wgląd w treść wiadomości otrzymanej omyłkowo, dalsze jej
> przekazywanie, rozpowszechnianie lub innego rodzaju wykorzystanie, bądź
> podjęcie jakichkolwiek działań w oparciu o zawarte w niej informacje przez
> osobę lub podmiot nie będący adresatem, jest niedozwolone. Odbiorca
> korespondencji, który otrzymał ją omyłkowo, proszony jest o zawiadomienie
> nadawcy i usunięcie tego materiału z komputera.*
>
> ATTENTION: *The information transmitted is intended only for the person or
> entity to which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, Or taking
> of any action in reliance upon, this information by person or entity other
> than the intended recipient is not permitted. If you received this in error,
> please contact the sender and delete the material from any computer.
>
> Las Proszę pomyśl o środowisku przed wydrukowaniem tego maila. Please Consider
> the Environment before printing this Email
>
>
>
>
>

From b311b-ms at theotherbell.com  Sun Oct 25 01:30:07 2015
From: b311b-ms at theotherbell.com (b311b-ms at theotherbell.com)
Date: Sat, 24 Oct 2015 21:30:07 -0400
Subject: MailScanner not using SpamAssassin
Message-ID: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>

I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, 
spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is running 
on an Amazon EC2 instance under Amazon Linux.

Mail delivery is working to the point where messages reach their 
destination.

I’ve temporarily enabled logging until I verify everything is working 
as it should. The issue is that there’s no log evidence that 
mailscanner is triggering spam assassin.

The applicable settings from MailScanner.conf are as follows:

Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = no
Use SpamAssassin = yes
Max SpamAssassin Size = 200k
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Include Binary Attachments In SpamAssassin = no
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = 
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
SpamAssassin Rule Actions =
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Log SpamAssassin Rule Actions = yes
SpamAssassin Temporary Dir = 
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir =
SQL SpamAssassin Config =
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug SpamAssassin = no

Obviously I’ve missed something, but I’m not seeing it. Can someone 
point me to other config elements I need to check?

Brenda

From jerry.benton at mailborder.com  Sun Oct 25 08:16:32 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 25 Oct 2015 04:16:32 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
Message-ID: <F00ED289-6E16-4461-8983-6BEA954B49EE@mailborder.com>

Run:

MailScanner --Lint



-
Jerry Benton
www.mailborder.com



> On Oct 24, 2015, at 9:30 PM, b311b-ms at theotherbell.com wrote:
> 
> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is running on an Amazon EC2 instance under Amazon Linux.
> 
> Mail delivery is working to the point where messages reach their destination.
> 
> I’ve temporarily enabled logging until I verify everything is working as it should. The issue is that there’s no log evidence that mailscanner is triggering spam assassin.
> 
> The applicable settings from MailScanner.conf are as follows:
> 
> Include Scores In SpamAssassin Report = yes
> Always Include SpamAssassin Report = no
> Use SpamAssassin = yes
> Max SpamAssassin Size = 200k
> Required SpamAssassin Score = 6
> High SpamAssassin Score = 10
> SpamAssassin Auto Whitelist = yes
> SpamAssassin Timeout = 75
> Max SpamAssassin Timeouts = 10
> SpamAssassin Timeouts History = 30
> Check SpamAssassin If On Spam List = yes
> Include Binary Attachments In SpamAssassin = no
> Cache SpamAssassin Results = yes
> SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> SpamAssassin Rule Actions =
> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
> Log SpamAssassin Rule Actions = yes
> SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
> SpamAssassin Install Prefix =
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
> SpamAssassin Local State Dir = # /var/lib/spamassassin
> SpamAssassin Default Rules Dir =
> SQL SpamAssassin Config =
> MCP Required SpamAssassin Score = 1
> MCP High SpamAssassin Score = 10
> MCP Max SpamAssassin Timeouts = 20
> MCP Max SpamAssassin Size = 100k
> MCP SpamAssassin Timeout = 10
> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
> MCP SpamAssassin User State Dir =
> MCP SpamAssassin Local Rules Dir = %mcp-dir%
> MCP SpamAssassin Default Rules Dir = %mcp-dir%
> MCP SpamAssassin Install Prefix = %mcp-dir%
> SpamAssassin Cache Timings = 1800,300,10800,172800,600
> Debug SpamAssassin = no
> 
> Obviously I’ve missed something, but I’m not seeing it. Can someone point me to other config elements I need to check?
> 
> Brenda
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From b311b-ms at theotherbell.com  Sun Oct 25 16:19:30 2015
From: b311b-ms at theotherbell.com (Brenda Bell)
Date: Sun, 25 Oct 2015 12:19:30 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <F00ED289-6E16-4461-8983-6BEA954B49EE@mailborder.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <F00ED289-6E16-4461-8983-6BEA954B49EE@mailborder.com>
Message-ID: <4A082043-A23F-4827-9486-8ABE54BB77D2@theotherbell.com>

Thanks for the quick response.

Here’s the output:

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 467 hostnames from the phishing whitelist
Read 10954 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.85.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
I have found clamd scanners installed, and will use them all by default.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its 
virus.scanners.conf.

It says “found 1 problem”, but there’s no indication of what that 
problem is. Keep in mind that this output looks normal to me, but 
probably don’t know what normal looks like because I haven’t seen it 
yet :(

I checked /var/log/maillog and /var/log/messages and I’m not seeing 
any errors.

Brenda

On 25 Oct 2015, at 4:16, Jerry Benton wrote:

> Run:
>
> MailScanner --Lint
>
>
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Oct 24, 2015, at 9:30 PM, b311b-ms at theotherbell.com wrote:
>>
>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, 
>> spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is 
>> running on an Amazon EC2 instance under Amazon Linux.
>>
>> Mail delivery is working to the point where messages reach their 
>> destination.
>>
>> I’ve temporarily enabled logging until I verify everything is 
>> working as it should. The issue is that there’s no log evidence 
>> that mailscanner is triggering spam assassin.
>>
>> The applicable settings from MailScanner.conf are as follows:
>>
>> Include Scores In SpamAssassin Report = yes
>> Always Include SpamAssassin Report = no
>> Use SpamAssassin = yes
>> Max SpamAssassin Size = 200k
>> Required SpamAssassin Score = 6
>> High SpamAssassin Score = 10
>> SpamAssassin Auto Whitelist = yes
>> SpamAssassin Timeout = 75
>> Max SpamAssassin Timeouts = 10
>> SpamAssassin Timeouts History = 30
>> Check SpamAssassin If On Spam List = yes
>> Include Binary Attachments In SpamAssassin = no
>> Cache SpamAssassin Results = yes
>> SpamAssassin Cache Database File = 
>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> SpamAssassin Rule Actions =
>> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
>> Log SpamAssassin Rule Actions = yes
>> SpamAssassin Temporary Dir = 
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>> SpamAssassin Install Prefix =
>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>> SpamAssassin Local Rules Dir =
>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>> SpamAssassin Default Rules Dir =
>> SQL SpamAssassin Config =
>> MCP Required SpamAssassin Score = 1
>> MCP High SpamAssassin Score = 10
>> MCP Max SpamAssassin Timeouts = 20
>> MCP Max SpamAssassin Size = 100k
>> MCP SpamAssassin Timeout = 10
>> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
>> MCP SpamAssassin User State Dir =
>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>> MCP SpamAssassin Install Prefix = %mcp-dir%
>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>> Debug SpamAssassin = no
>>
>> Obviously I’ve missed something, but I’m not seeing it. Can 
>> someone point me to other config elements I need to check?
>>
>> Brenda
>>
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151025/980f6dde/attachment.html>

From mark at msapiro.net  Sun Oct 25 16:39:41 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 25 Oct 2015 09:39:41 -0700
Subject: MailScanner not using SpamAssassin
In-Reply-To: <4A082043-A23F-4827-9486-8ABE54BB77D2@theotherbell.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <F00ED289-6E16-4461-8983-6BEA954B49EE@mailborder.com>
 <4A082043-A23F-4827-9486-8ABE54BB77D2@theotherbell.com>
Message-ID: <562D05CD.4080302@msapiro.net>

On 10/25/2015 09:19 AM, Brenda Bell wrote:
> 
> It says “found 1 problem”, but there’s no indication of what that
> problem is. Keep in mind that this output looks normal to me, but
> probably don’t know what normal looks like because I haven’t seen it yet :(


The output you posted is completely normal. The

Other Checks: Found 1 problems

line is a reference to the eicer.com file which is supposed to be a
problem for various reasons, i.e. it has a .com extension, it is
executable and it is infected with Eicar-Test-Signature.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gao at pztop.com  Sun Oct 25 21:15:26 2015
From: gao at pztop.com (Gao)
Date: Sun, 25 Oct 2015 14:15:26 -0700
Subject: MailScanner not using SpamAssassin
In-Reply-To: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
Message-ID: <562D466E.5080007@pztop.com>

do you have:
/^Received:/  HOLD

in your postfix header_checks?

Gao

On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, 
> spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is 
> running on an Amazon EC2 instance under Amazon Linux.
>
> Mail delivery is working to the point where messages reach their 
> destination.
>
> I’ve temporarily enabled logging until I verify everything is working 
> as it should. The issue is that there’s no log evidence that 
> mailscanner is triggering spam assassin.
>
> The applicable settings from MailScanner.conf are as follows:
>
> Include Scores In SpamAssassin Report = yes
> Always Include SpamAssassin Report = no
> Use SpamAssassin = yes
> Max SpamAssassin Size = 200k
> Required SpamAssassin Score = 6
> High SpamAssassin Score = 10
> SpamAssassin Auto Whitelist = yes
> SpamAssassin Timeout = 75
> Max SpamAssassin Timeouts = 10
> SpamAssassin Timeouts History = 30
> Check SpamAssassin If On Spam List = yes
> Include Binary Attachments In SpamAssassin = no
> Cache SpamAssassin Results = yes
> SpamAssassin Cache Database File = 
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> SpamAssassin Rule Actions =
> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
> Log SpamAssassin Rule Actions = yes
> SpamAssassin Temporary Dir = 
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
> SpamAssassin Install Prefix =
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
> SpamAssassin Local State Dir = # /var/lib/spamassassin
> SpamAssassin Default Rules Dir =
> SQL SpamAssassin Config =
> MCP Required SpamAssassin Score = 1
> MCP High SpamAssassin Score = 10
> MCP Max SpamAssassin Timeouts = 20
> MCP Max SpamAssassin Size = 100k
> MCP SpamAssassin Timeout = 10
> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
> MCP SpamAssassin User State Dir =
> MCP SpamAssassin Local Rules Dir = %mcp-dir%
> MCP SpamAssassin Default Rules Dir = %mcp-dir%
> MCP SpamAssassin Install Prefix = %mcp-dir%
> SpamAssassin Cache Timings = 1800,300,10800,172800,600
> Debug SpamAssassin = no
>
> Obviously I’ve missed something, but I’m not seeing it. Can someone 
> point me to other config elements I need to check?
>
> Brenda
>
>


From b311b-ms at theotherbell.com  Sun Oct 25 22:17:50 2015
From: b311b-ms at theotherbell.com (Brenda Bell)
Date: Sun, 25 Oct 2015 18:17:50 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <562D466E.5080007@pztop.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <562D466E.5080007@pztop.com>
Message-ID: <9226FBDC-9C04-4D1A-9597-27072A2C71F8@theotherbell.com>

I do not.

The only thing I have in header_checks is this:

/^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*.*/ DISCARD Message exceeded 
SpamAssassin score limit of 10


On 25 Oct 2015, at 17:15, Gao wrote:

> do you have:
> /^Received:/  HOLD
>
> in your postfix header\_checks?
>
> Gao
>
> On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, 
>> spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is 
>> running on an Amazon EC2 instance under Amazon Linux.
>>
>> Mail delivery is working to the point where messages reach their 
>> destination.
>>
>> I’ve temporarily enabled logging until I verify everything is 
>> working as it should. The issue is that there’s no log evidence 
>> that mailscanner is triggering spam assassin.
>>
>> The applicable settings from MailScanner.conf are as follows:
>>
>> Include Scores In SpamAssassin Report = yes
>> Always Include SpamAssassin Report = no
>> Use SpamAssassin = yes
>> Max SpamAssassin Size = 200k
>> Required SpamAssassin Score = 6
>> High SpamAssassin Score = 10
>> SpamAssassin Auto Whitelist = yes
>> SpamAssassin Timeout = 75
>> Max SpamAssassin Timeouts = 10
>> SpamAssassin Timeouts History = 30
>> Check SpamAssassin If On Spam List = yes
>> Include Binary Attachments In SpamAssassin = no
>> Cache SpamAssassin Results = yes
>> SpamAssassin Cache Database File = 
>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> SpamAssassin Rule Actions =
>> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
>> Log SpamAssassin Rule Actions = yes
>> SpamAssassin Temporary Dir = 
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>> SpamAssassin Install Prefix =
>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>> SpamAssassin Local Rules Dir =
>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>> SpamAssassin Default Rules Dir =
>> SQL SpamAssassin Config =
>> MCP Required SpamAssassin Score = 1
>> MCP High SpamAssassin Score = 10
>> MCP Max SpamAssassin Timeouts = 20
>> MCP Max SpamAssassin Size = 100k
>> MCP SpamAssassin Timeout = 10
>> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
>> MCP SpamAssassin User State Dir =
>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>> MCP SpamAssassin Install Prefix = %mcp-dir%
>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>> Debug SpamAssassin = no
>>
>> Obviously I’ve missed something, but I’m not seeing it. Can 
>> someone point me to other config elements I need to check?
>>
>> Brenda
>>
>>
>
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner

From jerry.benton at mailborder.com  Sun Oct 25 23:13:08 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 25 Oct 2015 19:13:08 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <9226FBDC-9C04-4D1A-9597-27072A2C71F8@theotherbell.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <562D466E.5080007@pztop.com>
 <9226FBDC-9C04-4D1A-9597-27072A2C71F8@theotherbell.com>
Message-ID: <75C69D4C-8182-4B25-9028-D10B8B8ED779@mailborder.com>

Check the Postfix setup guide on the MailScanner website.

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Oct 25, 2015, at 18:17, Brenda Bell <b311b-ms at theotherbell.com> wrote:
> 
> I do not.
> 
> The only thing I have in header_checks is this:
> 
> /^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*.*/ DISCARD Message exceeded SpamAssassin score limit of 10
> 
> 
>> On 25 Oct 2015, at 17:15, Gao wrote:
>> 
>> do you have:
>> /^Received:/  HOLD
>> 
>> in your postfix header\_checks?
>> 
>> Gao
>> 
>>> On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
>>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is running on an Amazon EC2 instance under Amazon Linux.
>>> 
>>> Mail delivery is working to the point where messages reach their destination.
>>> 
>>> I’ve temporarily enabled logging until I verify everything is working as it should. The issue is that there’s no log evidence that mailscanner is triggering spam assassin.
>>> 
>>> The applicable settings from MailScanner.conf are as follows:
>>> 
>>> Include Scores In SpamAssassin Report = yes
>>> Always Include SpamAssassin Report = no
>>> Use SpamAssassin = yes
>>> Max SpamAssassin Size = 200k
>>> Required SpamAssassin Score = 6
>>> High SpamAssassin Score = 10
>>> SpamAssassin Auto Whitelist = yes
>>> SpamAssassin Timeout = 75
>>> Max SpamAssassin Timeouts = 10
>>> SpamAssassin Timeouts History = 30
>>> Check SpamAssassin If On Spam List = yes
>>> Include Binary Attachments In SpamAssassin = no
>>> Cache SpamAssassin Results = yes
>>> SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>>> SpamAssassin Rule Actions =
>>> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
>>> Log SpamAssassin Rule Actions = yes
>>> SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>>> SpamAssassin Install Prefix =
>>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>>> SpamAssassin Local Rules Dir =
>>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>>> SpamAssassin Default Rules Dir =
>>> SQL SpamAssassin Config =
>>> MCP Required SpamAssassin Score = 1
>>> MCP High SpamAssassin Score = 10
>>> MCP Max SpamAssassin Timeouts = 20
>>> MCP Max SpamAssassin Size = 100k
>>> MCP SpamAssassin Timeout = 10
>>> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
>>> MCP SpamAssassin User State Dir =
>>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>>> MCP SpamAssassin Install Prefix = %mcp-dir%
>>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>>> Debug SpamAssassin = no
>>> 
>>> Obviously I’ve missed something, but I’m not seeing it. Can someone point me to other config elements I need to check?
>>> 
>>> Brenda
>> 
>> 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

From jerry.benton at mailborder.com  Sun Oct 25 23:13:59 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 25 Oct 2015 19:13:59 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <562D466E.5080007@pztop.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <562D466E.5080007@pztop.com>
Message-ID: <346734C4-D475-433A-8E85-72C8E8C7446C@mailborder.com>

Good catch Gao.

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Oct 25, 2015, at 17:15, Gao <gao at pztop.com> wrote:
> 
> do you have:
> /^Received:/  HOLD
> 
> in your postfix header_checks?
> 
> Gao
> 
>> On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is running on an Amazon EC2 instance under Amazon Linux.
>> 
>> Mail delivery is working to the point where messages reach their destination.
>> 
>> I’ve temporarily enabled logging until I verify everything is working as it should. The issue is that there’s no log evidence that mailscanner is triggering spam assassin.
>> 
>> The applicable settings from MailScanner.conf are as follows:
>> 
>> Include Scores In SpamAssassin Report = yes
>> Always Include SpamAssassin Report = no
>> Use SpamAssassin = yes
>> Max SpamAssassin Size = 200k
>> Required SpamAssassin Score = 6
>> High SpamAssassin Score = 10
>> SpamAssassin Auto Whitelist = yes
>> SpamAssassin Timeout = 75
>> Max SpamAssassin Timeouts = 10
>> SpamAssassin Timeouts History = 30
>> Check SpamAssassin If On Spam List = yes
>> Include Binary Attachments In SpamAssassin = no
>> Cache SpamAssassin Results = yes
>> SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> SpamAssassin Rule Actions =
>> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
>> Log SpamAssassin Rule Actions = yes
>> SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>> SpamAssassin Install Prefix =
>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>> SpamAssassin Local Rules Dir =
>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>> SpamAssassin Default Rules Dir =
>> SQL SpamAssassin Config =
>> MCP Required SpamAssassin Score = 1
>> MCP High SpamAssassin Score = 10
>> MCP Max SpamAssassin Timeouts = 20
>> MCP Max SpamAssassin Size = 100k
>> MCP SpamAssassin Timeout = 10
>> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
>> MCP SpamAssassin User State Dir =
>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>> MCP SpamAssassin Install Prefix = %mcp-dir%
>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>> Debug SpamAssassin = no
>> 
>> Obviously I’ve missed something, but I’m not seeing it. Can someone point me to other config elements I need to check?
>> 
>> Brenda
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

From jerry.benton at mailborder.com  Sun Oct 25 23:17:55 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 25 Oct 2015 19:17:55 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <75C69D4C-8182-4B25-9028-D10B8B8ED779@mailborder.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <562D466E.5080007@pztop.com>
 <9226FBDC-9C04-4D1A-9597-27072A2C71F8@theotherbell.com>
 <75C69D4C-8182-4B25-9028-D10B8B8ED779@mailborder.com>
Message-ID: <43F37546-D43B-47FE-BE8D-FAA43D0C028E@mailborder.com>

https://www.mailscanner.info/postfix/

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Oct 25, 2015, at 19:13, Jerry Benton <jerry.benton at mailborder.com> wrote:
> 
> Check the Postfix setup guide on the MailScanner website.
> 
> -
> Jerry Benton
> www.mailborder.com
> Sent from my iPhone
> 
>> On Oct 25, 2015, at 18:17, Brenda Bell <b311b-ms at theotherbell.com> wrote:
>> 
>> I do not.
>> 
>> The only thing I have in header_checks is this:
>> 
>> /^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*.*/ DISCARD Message exceeded SpamAssassin score limit of 10
>> 
>> 
>>> On 25 Oct 2015, at 17:15, Gao wrote:
>>> 
>>> do you have:
>>> /^Received:/  HOLD
>>> 
>>> in your postfix header\_checks?
>>> 
>>> Gao
>>> 
>>>> On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
>>>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is running on an Amazon EC2 instance under Amazon Linux.
>>>> 
>>>> Mail delivery is working to the point where messages reach their destination.
>>>> 
>>>> I’ve temporarily enabled logging until I verify everything is working as it should. The issue is that there’s no log evidence that mailscanner is triggering spam assassin.
>>>> 
>>>> The applicable settings from MailScanner.conf are as follows:
>>>> 
>>>> Include Scores In SpamAssassin Report = yes
>>>> Always Include SpamAssassin Report = no
>>>> Use SpamAssassin = yes
>>>> Max SpamAssassin Size = 200k
>>>> Required SpamAssassin Score = 6
>>>> High SpamAssassin Score = 10
>>>> SpamAssassin Auto Whitelist = yes
>>>> SpamAssassin Timeout = 75
>>>> Max SpamAssassin Timeouts = 10
>>>> SpamAssassin Timeouts History = 30
>>>> Check SpamAssassin If On Spam List = yes
>>>> Include Binary Attachments In SpamAssassin = no
>>>> Cache SpamAssassin Results = yes
>>>> SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>>>> SpamAssassin Rule Actions =
>>>> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
>>>> Log SpamAssassin Rule Actions = yes
>>>> SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>>>> SpamAssassin Install Prefix =
>>>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>>>> SpamAssassin Local Rules Dir =
>>>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>>>> SpamAssassin Default Rules Dir =
>>>> SQL SpamAssassin Config =
>>>> MCP Required SpamAssassin Score = 1
>>>> MCP High SpamAssassin Score = 10
>>>> MCP Max SpamAssassin Timeouts = 20
>>>> MCP Max SpamAssassin Size = 100k
>>>> MCP SpamAssassin Timeout = 10
>>>> MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
>>>> MCP SpamAssassin User State Dir =
>>>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>>>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>>>> MCP SpamAssassin Install Prefix = %mcp-dir%
>>>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>>>> Debug SpamAssassin = no
>>>> 
>>>> Obviously I’ve missed something, but I’m not seeing it. Can someone point me to other config elements I need to check?
>>>> 
>>>> Brenda
>>> 
>>> 
>>> 
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/listinfo/mailscanner
>> 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>> 

From b311b-ms at theotherbell.com  Mon Oct 26 00:05:03 2015
From: b311b-ms at theotherbell.com (Brenda Bell)
Date: Sun, 25 Oct 2015 20:05:03 -0400
Subject: MailScanner not using SpamAssassin
In-Reply-To: <43F37546-D43B-47FE-BE8D-FAA43D0C028E@mailborder.com>
References: <0C52A6B9-BD0D-4C11-AF62-CDE1441AB6E7@theotherbell.com>
 <562D466E.5080007@pztop.com>
 <9226FBDC-9C04-4D1A-9597-27072A2C71F8@theotherbell.com>
 <75C69D4C-8182-4B25-9028-D10B8B8ED779@mailborder.com>
 <43F37546-D43B-47FE-BE8D-FAA43D0C028E@mailborder.com>
Message-ID: <26E23BE7-5618-4311-A880-BE3F9BC921B1@theotherbell.com>

Thanks Jerry & Gao.

All is well now.

There was so much detail in the Mail Scanner User Guide I downloaded, I 
thought I’d have a working system if I did everything in that book. 
Apparently not. It really should have included links to the appropriate 
Mail Scanner pages near the links to the MTA’s web sites. In fact, it 
references the link, but says “For other information on other 
supported MTAs”, leading one to believe that all you need to know 
about Sendmail, Exim and Postfix are in the book.

Lesson learned.

Thanks so much for helping me get this working.

On 25 Oct 2015, at 19:17, Jerry Benton wrote:

> https://www.mailscanner.info/postfix/
>
> -
> Jerry Benton
> www.mailborder.com
> Sent from my iPhone
>
>> On Oct 25, 2015, at 19:13, Jerry Benton <jerry.benton at mailborder.com> 
>> wrote:
>>
>> Check the Postfix setup guide on the MailScanner website.
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>> Sent from my iPhone
>>
>>> On Oct 25, 2015, at 18:17, Brenda Bell <b311b-ms at theotherbell.com> 
>>> wrote:
>>>
>>> I do not.
>>>
>>> The only thing I have in header\_checks is this:
>>>
>>> /^X-Spam-Level: \\\*\\\*\\\*\\\*\\\*\\\*\\\*\\\*\\\*\\\*.\*/ DISCARD 
>>> Message exceeded SpamAssassin score limit of 10
>>>
>>>
>>>> On 25 Oct 2015, at 17:15, Gao wrote:
>>>>
>>>> do you have:
>>>> /^Received:/  HOLD
>>>>
>>>> in your postfix header\\\_checks?
>>>>
>>>> Gao
>>>>
>>>>> On 10/24/2015 6:30 PM, b311b-ms at theotherbell.com wrote:
>>>>> I just installed MailScanner 4.85.2-3 with clamav 0.98.7-1.12, 
>>>>> spamassassin 3.4.0-7.12 and postfix 2:2.6.6-2.15. All of this is 
>>>>> running on an Amazon EC2 instance under Amazon Linux.
>>>>>
>>>>> Mail delivery is working to the point where messages reach their 
>>>>> destination.
>>>>>
>>>>> I’ve temporarily enabled logging until I verify everything is 
>>>>> working as it should. The issue is that there’s no log evidence 
>>>>> that mailscanner is triggering spam assassin.
>>>>>
>>>>> The applicable settings from MailScanner.conf are as follows:
>>>>>
>>>>> Include Scores In SpamAssassin Report = yes
>>>>> Always Include SpamAssassin Report = no
>>>>> Use SpamAssassin = yes
>>>>> Max SpamAssassin Size = 200k
>>>>> Required SpamAssassin Score = 6
>>>>> High SpamAssassin Score = 10
>>>>> SpamAssassin Auto Whitelist = yes
>>>>> SpamAssassin Timeout = 75
>>>>> Max SpamAssassin Timeouts = 10
>>>>> SpamAssassin Timeouts History = 30
>>>>> Check SpamAssassin If On Spam List = yes
>>>>> Include Binary Attachments In SpamAssassin = no
>>>>> Cache SpamAssassin Results = yes
>>>>> SpamAssassin Cache Database File = 
>>>>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>>>>> SpamAssassin Rule Actions =
>>>>> Sender SpamAssassin Report = 
>>>>> %report-dir%/sender.spam.sa.report.txt
>>>>> Log SpamAssassin Rule Actions = yes
>>>>> SpamAssassin Temporary Dir = 
>>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>>> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>>>>> SpamAssassin Install Prefix =
>>>>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>>>>> SpamAssassin Local Rules Dir =
>>>>> SpamAssassin Local State Dir = # /var/lib/spamassassin
>>>>> SpamAssassin Default Rules Dir =
>>>>> SQL SpamAssassin Config =
>>>>> MCP Required SpamAssassin Score = 1
>>>>> MCP High SpamAssassin Score = 10
>>>>> MCP Max SpamAssassin Timeouts = 20
>>>>> MCP Max SpamAssassin Size = 100k
>>>>> MCP SpamAssassin Timeout = 10
>>>>> MCP SpamAssassin Prefs File = 
>>>>> %mcp-dir%/mcp.spam.assassin.prefs.conf
>>>>> MCP SpamAssassin User State Dir =
>>>>> MCP SpamAssassin Local Rules Dir = %mcp-dir%
>>>>> MCP SpamAssassin Default Rules Dir = %mcp-dir%
>>>>> MCP SpamAssassin Install Prefix = %mcp-dir%
>>>>> SpamAssassin Cache Timings = 1800,300,10800,172800,600
>>>>> Debug SpamAssassin = no
>>>>>
>>>>> Obviously I’ve missed something, but I’m not seeing it. Can 
>>>>> someone point me to other config elements I need to check?
>>>>>
>>>>> Brenda
>>>>
>>>>
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner

From jerry.benton at mailborder.com  Wed Oct 28 12:24:49 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Wed, 28 Oct 2015 08:24:49 -0400
Subject: Update - Web Bug File 
Message-ID: <7E99374D-E3F0-4C3B-B289-FC53275732B6@mailborder.com>

Hello,

Please update your configs to use this as your “Web Bug Replacement”

https://s3.amazonaws.com/mailscanner/images/1x1spacer.gif


The MailScanner website gets hammered from all of the requests to the old link. 

-
Jerry Benton
www.mailborder.com




From barryc at rjlsystems.com  Wed Oct 28 15:54:29 2015
From: barryc at rjlsystems.com (Barry Callahan)
Date: Wed, 28 Oct 2015 11:54:29 -0400
Subject: Update - Web Bug File
In-Reply-To: <7E99374D-E3F0-4C3B-B289-FC53275732B6@mailborder.com>
References: <7E99374D-E3F0-4C3B-B289-FC53275732B6@mailborder.com>
Message-ID: <5630EFB5.6090504@rjlsystems.com>

....

Your email made me think of something that I'm sorry to say had not 
occurred to me before now.
Is there a specific reason for us to all be using the same 1x1spacer.gif 
image from a central location?

Since you mentioned the toll that this is taking, those of us who are 
running our own webservers as well as our own mailservers could update 
the mailscanner config to use a locally-hosted image.

I mean, unless it serves a useful purpose, it seems silly for us to be 
using your infrastructure for the spacer when we could very easily be 
using our own.


#/*****************************\
#* Barry Callahan
#* Technologist
#* RJL Systems
#* phone: 1 586 790 - 0200 x112
#*        1 800 528 - 4513 x112
#* fax:   1 586 790 - 0205
#\*****************************/

On 10/28/2015 8:24 AM, Jerry Benton wrote:
> Hello,
>
> Please update your configs to use this as your “Web Bug Replacement”
>
> https://s3.amazonaws.com/mailscanner/images/1x1spacer.gif
>
>
> The MailScanner website gets hammered from all of the requests to the old link.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>
>


From jerry.benton at mailborder.com  Wed Oct 28 15:57:20 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Wed, 28 Oct 2015 11:57:20 -0400
Subject: Update - Web Bug File 
In-Reply-To: <5630EFB5.6090504@rjlsystems.com>
References: <7E99374D-E3F0-4C3B-B289-FC53275732B6@mailborder.com>
 <5630EFB5.6090504@rjlsystems.com>
Message-ID: <5E100F9B-500D-4C31-A7EB-A96DC4E57454@mailborder.com>

Barry,

Of course you can host your own image. 

-
Jerry Benton
www.mailborder.com



> On Oct 28, 2015, at 11:54 AM, Barry Callahan <barryc at rjlsystems.com> wrote:
> 
> ....
> 
> Your email made me think of something that I'm sorry to say had not occurred to me before now.
> Is there a specific reason for us to all be using the same 1x1spacer.gif image from a central location?
> 
> Since you mentioned the toll that this is taking, those of us who are running our own webservers as well as our own mailservers could update the mailscanner config to use a locally-hosted image.
> 
> I mean, unless it serves a useful purpose, it seems silly for us to be using your infrastructure for the spacer when we could very easily be using our own.
> 
> 
> #/*****************************\
> #* Barry Callahan
> #* Technologist
> #* RJL Systems
> #* phone: 1 586 790 - 0200 x112
> #*        1 800 528 - 4513 x112
> #* fax:   1 586 790 - 0205
> #\*****************************/
> 
> On 10/28/2015 8:24 AM, Jerry Benton wrote:
>> Hello,
>> 
>> Please update your configs to use this as your “Web Bug Replacement”
>> 
>> https://s3.amazonaws.com/mailscanner/images/1x1spacer.gif
>> 
>> 
>> The MailScanner website gets hammered from all of the requests to the old link.
>> 
>> -
>> Jerry Benton
>> www.mailborder.com
>> 
>> 
>> 
>> 
>> 
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From alex at vidadigital.com.pa  Wed Oct 28 17:33:06 2015
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Wed, 28 Oct 2015 12:33:06 -0500
Subject: Update - Web Bug File
In-Reply-To: <5E100F9B-500D-4C31-A7EB-A96DC4E57454@mailborder.com>
References: <7E99374D-E3F0-4C3B-B289-FC53275732B6@mailborder.com>
 <5630EFB5.6090504@rjlsystems.com>
 <5E100F9B-500D-4C31-A7EB-A96DC4E57454@mailborder.com>
Message-ID: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>

Suggestion for next version:

Your-MailScanner-CDN = "http://localhost/ <http://localhost/>"
Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif


> On Oct 28, 2015, at 10:57 AM, Jerry Benton <jerry.benton at mailborder.com> wrote:
> 
> Barry,
> 
> Of course you can host your own image. 
> 
> -
> Jerry Benton
> www.mailborder.com
> 
> 
> 
>> On Oct 28, 2015, at 11:54 AM, Barry Callahan <barryc at rjlsystems.com> wrote:
>> 
>> ....
>> 
>> Your email made me think of something that I'm sorry to say had not occurred to me before now.
>> Is there a specific reason for us to all be using the same 1x1spacer.gif image from a central location?
>> 
>> Since you mentioned the toll that this is taking, those of us who are running our own webservers as well as our own mailservers could update the mailscanner config to use a locally-hosted image.
>> 
>> I mean, unless it serves a useful purpose, it seems silly for us to be using your infrastructure for the spacer when we could very easily be using our own.
>> 
>> 
>> #/*****************************\
>> #* Barry Callahan
>> #* Technologist
>> #* RJL Systems
>> #* phone: 1 586 790 - 0200 x112
>> #*        1 800 528 - 4513 x112
>> #* fax:   1 586 790 - 0205
>> #\*****************************/
>> 
>> On 10/28/2015 8:24 AM, Jerry Benton wrote:
>>> Hello,
>>> 
>>> Please update your configs to use this as your “Web Bug Replacement”
>>> 
>>> https://s3.amazonaws.com/mailscanner/images/1x1spacer.gif
>>> 
>>> 
>>> The MailScanner website gets hammered from all of the requests to the old link.
>>> 
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>> 
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151028/5b07f02c/attachment.html>

From kevin.miller at juneau.org  Wed Oct 28 23:09:46 2015
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 28 Oct 2015 23:09:46 +0000
Subject: Spam Lists
Message-ID: <402c6a5b15f74b6fa538f68fdb91b07c@City-Exch-DB2.cbj.local>

It seems that both SORBS and mailspike blacklists are now included in spamassassin now.  At the moment I only have spamcop listed in MailScanner.conf:
  Spam List = spamcop

I'd like to add in others so that I can take advantage of the "Spam Lists To Be Spam" option.  

SORBS and MailSpike aren't listed in the spam.lists.conf file however.  

What do I need to set so that when MailScanner looks at the RBL hits the tally is increased.  For instance if I have
    Spam Lists To Be Spam = 2 
how can I get MailScanner to pick up on the other spam lists?  The historical way would be to add the additional RBLs to spam.lists.conf but since spamassassin is already doing the scanning there's no point in doing it again which I believe listing them in the spam.lists.conf and "Spam List =" option would do.

Can MailScanner detect that they've already been found on an RBL and use that to increase the metric?  If not, maybe a nice new feature would be if MailScanner could automatically pick up on the RBLs included in spamassassin for the purpose of incrementing the spam list count.

Thanks...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357


From mark at msapiro.net  Wed Oct 28 23:44:25 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 28 Oct 2015 16:44:25 -0700
Subject: Update - Web Bug File
In-Reply-To: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
Message-ID: <56315DD9.1090304@msapiro.net>

Alex Neuman van der Hans wrote:

> Suggestion for next version:
> 
> Your-MailScanner-CDN = "http://localhost/"
> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif


If you literally mean 'localhost' you can't do that. You have no control
over where the mail client reading the 'disarmed' email might be or what
its notion of 'localhost' is.

MailScanner also doesn't know what URL will access 1x1spacer.gif on the
local machine even if it knows where it put it.

So really the only sensible default might be

Your-MailScanner-CDN = "https://s3.amazonaws.com/mailscanner/images"
Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kevin.miller at juneau.org  Wed Oct 28 23:49:23 2015
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 28 Oct 2015 23:49:23 +0000
Subject: Update - Web Bug File
In-Reply-To: <56315DD9.1090304@msapiro.net>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
Message-ID: <2e5321679cb946aeaee16c3f6f106e5b@City-Exch-DB2.cbj.local>

For those of us running MailWatch or similar web interface for MailScanner it's a no brainer to put it on that host.  Or any local web server for that matter.  I did that some time ago because you can't count on external servers being around forever...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357


-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Wednesday, October 28, 2015 3:44 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Update - Web Bug File

Alex Neuman van der Hans wrote:

> Suggestion for next version:
> 
> Your-MailScanner-CDN = "http://localhost/"
> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif


If you literally mean 'localhost' you can't do that. You have no control over where the mail client reading the 'disarmed' email might be or what its notion of 'localhost' is.

MailScanner also doesn't know what URL will access 1x1spacer.gif on the local machine even if it knows where it put it.

So really the only sensible default might be

Your-MailScanner-CDN = "https://s3.amazonaws.com/mailscanner/images"
Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


From b311b-ms at theotherbell.com  Thu Oct 29 00:43:35 2015
From: b311b-ms at theotherbell.com (Brenda Bell)
Date: Wed, 28 Oct 2015 20:43:35 -0400
Subject: Update - Web Bug File
In-Reply-To: <56315DD9.1090304@msapiro.net>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
Message-ID: <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>

Actually, that makes me ask another question… will MailScanner work 
with a file URL like file:///etc/MailScanner/1x1spacer.gif?

On 28 Oct 2015, at 19:44, Mark Sapiro wrote:

> Alex Neuman van der Hans wrote:
>
>> Suggestion for next version:
>>
>> Your-MailScanner-CDN = "http://localhost/"
>> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif
>
>
> If you literally mean 'localhost' you can't do that. You have no 
> control
> over where the mail client reading the 'disarmed' email might be or 
> what
> its notion of 'localhost' is.
>
> MailScanner also doesn't know what URL will access 1x1spacer.gif on 
> the
> local machine even if it knows where it put it.
>
> So really the only sensible default might be
>
> Your-MailScanner-CDN = "https://s3.amazonaws.com/mailscanner/images"
> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif
>
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

From b311b-ms at theotherbell.com  Thu Oct 29 00:45:31 2015
From: b311b-ms at theotherbell.com (Brenda Bell)
Date: Wed, 28 Oct 2015 20:45:31 -0400
Subject: Update - Web Bug File
In-Reply-To: <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
 <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
Message-ID: <A9869E06-89A3-4392-9366-7B9696D0AE3B@theotherbell.com>

Oh wait… I missed the part about the URL being used on the client. I 
thought it was being referenced from the server… so file URL won’t 
work either.

On 28 Oct 2015, at 20:43, Brenda Bell wrote:

> Actually, that makes me ask another question… will MailScanner work 
> with a file URL like file:///etc/MailScanner/1x1spacer.gif?
>
> On 28 Oct 2015, at 19:44, Mark Sapiro wrote:
>
>> Alex Neuman van der Hans wrote:
>>
>>> Suggestion for next version:
>>>
>>> Your-MailScanner-CDN = "http://localhost/"
>>> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif
>>
>>
>> If you literally mean 'localhost' you can't do that. You have no 
>> control
>> over where the mail client reading the 'disarmed' email might be or 
>> what
>> its notion of 'localhost' is.
>>
>> MailScanner also doesn't know what URL will access 1x1spacer.gif on 
>> the
>> local machine even if it knows where it put it.
>>
>> So really the only sensible default might be
>>
>> Your-MailScanner-CDN = "https://s3.amazonaws.com/mailscanner/images"
>> Web Bug Replacement = %Your-MailScanner-CDN%/1x1spacer.gif
>>
>> -- 
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. 
>> Dylan
>>
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

From mark at msapiro.net  Thu Oct 29 00:49:03 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 28 Oct 2015 17:49:03 -0700
Subject: Update - Web Bug File
In-Reply-To: <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
 <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
Message-ID: <56316CFF.9060903@msapiro.net>

On 10/28/2015 05:43 PM, Brenda Bell wrote:
> Actually, that makes me ask another question… will MailScanner work with
> a file URL like file:///etc/MailScanner/1x1spacer.gif?


Essentially no. The problem is MailScanner disarms the web bug by
replacing it's URL with a safe one that doesn't include tracking info.

The issue is if MS puts a file:/// URL in the message as the src of the
image, the client reading the message is probably on the user's
workstation or phone or tablet and the file:/// URL won't work because
the image is on the server, not the client.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From alex at vidadigital.com.pa  Thu Oct 29 14:17:32 2015
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Thu, 29 Oct 2015 09:17:32 -0500
Subject: Update - Web Bug File
In-Reply-To: <56316CFF.9060903@msapiro.net>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
 <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
 <56316CFF.9060903@msapiro.net>
Message-ID: <CANyE0PqfxhKHHj6h7suSUCibf+g32c2NqLWrGw+JyLjCwRhQPA@mail.gmail.com>

I only meant localhost as a placeholder.
On Oct 28, 2015 7:49 PM, "Mark Sapiro" <mark at msapiro.net> wrote:

> On 10/28/2015 05:43 PM, Brenda Bell wrote:
> > Actually, that makes me ask another question… will MailScanner work with
> > a file URL like file:///etc/MailScanner/1x1spacer.gif?
>
>
> Essentially no. The problem is MailScanner disarms the web bug by
> replacing it's URL with a safe one that doesn't include tracking info.
>
> The issue is if MS puts a file:/// URL in the message as the src of the
> image, the client reading the message is probably on the user's
> workstation or phone or tablet and the file:/// URL won't work because
> the image is on the server, not the client.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151029/6983d6db/attachment.html>

From pas at unh.edu  Thu Oct 29 14:48:09 2015
From: pas at unh.edu (Paul Sand)
Date: Thu, 29 Oct 2015 10:48:09 -0400
Subject: Google sites still in phishing.bad.sites.conf?
Message-ID: <20151029144809.GA115559@cisunix.unh.edu>

Hi --

I'm seeing the following 'google.com' sites in a freshly-updated
phishing.bad.sites.conf:

    79.docs.google.com
    www.google.com
    docs.google.com
    drive.google.com
    sites.google.com

I posted on this last month, and I think the upshot was that these sites
shouldn't be in there.

The phishing.safe.sites.conf file contains (redundantly?):

    www.google.com
    docs.google.com
    *.google.com

But apparently "bad" overrules "safe": I'm still seeing "Found definite
phishing fraud" messages on innocuous links in incoming mail.

Adding lines to phishing.safe.sites.custom is also (apparently) not 
saving the day.

This is seriously irking a few folks here.

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Quantities are limited while supplies last.

From mark at msapiro.net  Thu Oct 29 15:01:06 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 Oct 2015 08:01:06 -0700
Subject: Update - Web Bug File
In-Reply-To: <CANyE0PqfxhKHHj6h7suSUCibf+g32c2NqLWrGw+JyLjCwRhQPA@mail.gmail.com>
References: <39EA7700-907F-4772-9510-E1737BD2D4AD@vidadigital.com.pa>
 <56315DD9.1090304@msapiro.net>
 <9FA34157-0019-409C-98D4-2460B268EC00@theotherbell.com>
 <56316CFF.9060903@msapiro.net>
 <CANyE0PqfxhKHHj6h7suSUCibf+g32c2NqLWrGw+JyLjCwRhQPA@mail.gmail.com>
Message-ID: <563234B2.5060307@msapiro.net>

On 10/29/2015 07:17 AM, Alex Neuman wrote:
> I only meant localhost as a placeholder.

OK, but you still need a default setting that will work such as

Your-MailScanner-CDN = "https://s3.amazonaws.com/mailscanner/images"

because some|many|most people aren't going to realize they need to set it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jerry.benton at mailborder.com  Thu Oct 29 15:29:57 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 29 Oct 2015 11:29:57 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151029144809.GA115559@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
Message-ID: <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>

add Google to your custom phishing safe sites

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Oct 29, 2015, at 10:48, Paul Sand <pas at unh.edu> wrote:
> 
> Hi --
> 
> I'm seeing the following 'google.com' sites in a freshly-updated
> phishing.bad.sites.conf:
> 
>    79.docs.google.com
>    www.google.com
>    docs.google.com
>    drive.google.com
>    sites.google.com
> 
> I posted on this last month, and I think the upshot was that these sites
> shouldn't be in there.
> 
> The phishing.safe.sites.conf file contains (redundantly?):
> 
>    www.google.com
>    docs.google.com
>    *.google.com
> 
> But apparently "bad" overrules "safe": I'm still seeing "Found definite
> phishing fraud" messages on innocuous links in incoming mail.
> 
> Adding lines to phishing.safe.sites.custom is also (apparently) not 
> saving the day.
> 
> This is seriously irking a few folks here.
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Quantities are limited while supplies last.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

From pas at unh.edu  Thu Oct 29 15:53:24 2015
From: pas at unh.edu (Paul Sand)
Date: Thu, 29 Oct 2015 11:53:24 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
Message-ID: <20151029155324.GA120406@cisunix.unh.edu>

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
> add Google to your custom phishing safe sites

That is not working for me, Jerry. As I said:

> > The phishing.safe.sites.conf file contains (redundantly?):
> > 
> >    www.google.com
> >    docs.google.com
> >    *.google.com
> > 
> > But apparently "bad" overrules "safe": I'm still seeing "Found definite
> > phishing fraud" messages on innocuous links in incoming mail.
> > 
> > Adding lines to phishing.safe.sites.custom is also (apparently) not 
> > saving the day.

As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
(around line 7240) does not check the "safe" list. (I could be missing
something, doing something wrong, etc.)


What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:

    cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
    grep -v .google.com$ | \
    uniq > phishing.bad.sites.conf.new

But I shouldn't have had to do that.

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Too big to fail.

From jerry.benton at mailborder.com  Thu Oct 29 16:13:18 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 29 Oct 2015 12:13:18 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151029155324.GA120406@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
Message-ID: <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>

when I get a chance I will hard code the generator to leave Google off

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Oct 29, 2015, at 11:53, Paul Sand <pas at unh.edu> wrote:
> 
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
>> add Google to your custom phishing safe sites
> 
> That is not working for me, Jerry. As I said:
> 
>>> The phishing.safe.sites.conf file contains (redundantly?):
>>> 
>>>   www.google.com
>>>   docs.google.com
>>>   *.google.com
>>> 
>>> But apparently "bad" overrules "safe": I'm still seeing "Found definite
>>> phishing fraud" messages on innocuous links in incoming mail.
>>> 
>>> Adding lines to phishing.safe.sites.custom is also (apparently) not 
>>> saving the day.
> 
> As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
> (around line 7240) does not check the "safe" list. (I could be missing
> something, doing something wrong, etc.)
> 
> 
> What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:
> 
>    cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
>    grep -v .google.com$ | \
>    uniq > phishing.bad.sites.conf.new
> 
> But I shouldn't have had to do that.
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Too big to fail.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

From jerry.benton at mailborder.com  Fri Oct 30 00:27:25 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 29 Oct 2015 20:27:25 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
Message-ID: <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>

Ummm … I was checking this out. Here is the results:

cat phishing.bad.sites.conf|grep -i google.com

gmail-google.com.mx
79.docs.google.com
accounts.google.com.katabasis.ca
drive.google.com
accounts.google.com.gmailreverificationonline89754serversecured.stephanielassalle.com
verify.google.com.drive.viewdocument.buyers-exporters.com
www.google.com-document-view.alibabatradegroup.com
drive-google-com.grc.com.my
drive-google-com.fanalav.com
drive-google-com.aceclb.com
www.google.com-update.session8738974983749734879ad9awd0dasd34wdawdaad.cafeask.com
doc.google.com.xtraview.esjfsdjfedjfsdjfn.sjdfnjsf832943848sdsbdhfuyebfcn.sian83492921hdsdnfvc9339221.dogwalkingpoulton.co.uk



www.google.com is not in there. 

?

-
Jerry Benton
www.mailborder.com



> On Oct 29, 2015, at 12:13 PM, Jerry Benton <jerry.benton at mailborder.com> wrote:
> 
> when I get a chance I will hard code the generator to leave Google off
> 
> -
> Jerry Benton
> www.mailborder.com
> Sent from my iPhone
> 
>> On Oct 29, 2015, at 11:53, Paul Sand <pas at unh.edu> wrote:
>> 
>> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
>>> add Google to your custom phishing safe sites
>> 
>> That is not working for me, Jerry. As I said:
>> 
>>>> The phishing.safe.sites.conf file contains (redundantly?):
>>>> 
>>>>  www.google.com
>>>>  docs.google.com
>>>>  *.google.com
>>>> 
>>>> But apparently "bad" overrules "safe": I'm still seeing "Found definite
>>>> phishing fraud" messages on innocuous links in incoming mail.
>>>> 
>>>> Adding lines to phishing.safe.sites.custom is also (apparently) not 
>>>> saving the day.
>> 
>> As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
>> (around line 7240) does not check the "safe" list. (I could be missing
>> something, doing something wrong, etc.)
>> 
>> 
>> What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:
>> 
>>   cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
>>   grep -v .google.com$ | \
>>   uniq > phishing.bad.sites.conf.new
>> 
>> But I shouldn't have had to do that.
>> 
>> -- 
>> -- Paul A Sand <pas at unh.edu>
>> -- Information Technology / University of New Hampshire
>> -- http://pubpages.unh.edu/~pas
>> -- Too big to fail.
>> 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>> 


From jerry.benton at mailborder.com  Fri Oct 30 09:58:17 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 30 Oct 2015 05:58:17 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151029155324.GA120406@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
Message-ID: <A8092B55-048A-4D5B-8FB7-458E6A74A785@mailborder.com>

Paul,

I have confirmed with Jules that the safe sites override the bad sites. Are you using the update script from phishing.mailborder.com ? If you are, it creates an additional .custom file for both safe and bad sites. Add your respective sites to each custom file. When the script runs to update the master list of sites, you custom sites should be placed at the top of each of the master files. (.conf files) 

-
Jerry Benton
www.mailborder.com



> On Oct 29, 2015, at 11:53 AM, Paul Sand <pas at unh.edu> wrote:
> 
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
>> add Google to your custom phishing safe sites
> 
> That is not working for me, Jerry. As I said:
> 
>>> The phishing.safe.sites.conf file contains (redundantly?):
>>> 
>>>   www.google.com
>>>   docs.google.com
>>>   *.google.com
>>> 
>>> But apparently "bad" overrules "safe": I'm still seeing "Found definite
>>> phishing fraud" messages on innocuous links in incoming mail.
>>> 
>>> Adding lines to phishing.safe.sites.custom is also (apparently) not 
>>> saving the day.
> 
> As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
> (around line 7240) does not check the "safe" list. (I could be missing
> something, doing something wrong, etc.)
> 
> 
> What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:
> 
>    cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
>    grep -v .google.com$ | \
>    uniq > phishing.bad.sites.conf.new
> 
> But I shouldn't have had to do that.
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Too big to fail.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From pas at unh.edu  Fri Oct 30 10:05:58 2015
From: pas at unh.edu (Paul Sand)
Date: Fri, 30 Oct 2015 06:05:58 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
 <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
Message-ID: <20151030100558.GA53669@cisunix.unh.edu>

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 20:31]:
> Ummm … I was checking this out. Here is the results:
> 
> cat phishing.bad.sites.conf|grep -i google.com

> [...]

> www.google.com is not in there. 
> 
> ?

Not currently, correct. But (honest) it was previously.

Compared to earlier, also removed are 

    docs.google.com
    sites.google.com
    
Still there (as I type):

    drive.google.com
    79.docs.google.com



-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Any spelling mistakes in this message are all entirly my fault.

From jerry.benton at mailborder.com  Fri Oct 30 10:13:45 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 30 Oct 2015 06:13:45 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151030100558.GA53669@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
 <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
 <20151030100558.GA53669@cisunix.unh.edu>
Message-ID: <3E4A4ED5-AA3B-47D5-B43C-F13AE7349A8B@mailborder.com>

There has been a rash of ransomware using drive.google.com lately. If you want to whitelist it, add it to your custom safe sites. 

-
Jerry Benton
www.mailborder.com



> On Oct 30, 2015, at 6:05 AM, Paul Sand <pas at unh.edu> wrote:
> 
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 20:31]:
>> Ummm … I was checking this out. Here is the results:
>> 
>> cat phishing.bad.sites.conf|grep -i google.com
> 
>> [...]
> 
>> www.google.com is not in there. 
>> 
>> ?
> 
> Not currently, correct. But (honest) it was previously.
> 
> Compared to earlier, also removed are 
> 
>    docs.google.com
>    sites.google.com
> 
> Still there (as I type):
> 
>    drive.google.com
>    79.docs.google.com
> 
> 
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Any spelling mistakes in this message are all entirly my fault.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From pas at unh.edu  Fri Oct 30 10:42:50 2015
From: pas at unh.edu (Paul Sand)
Date: Fri, 30 Oct 2015 06:42:50 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <A8092B55-048A-4D5B-8FB7-458E6A74A785@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <A8092B55-048A-4D5B-8FB7-458E6A74A785@mailborder.com>
Message-ID: <20151030104250.GA55648@cisunix.unh.edu>

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 06:02]:
> I have confirmed with Jules that the safe sites override the bad sites.
> Are you using the update script from phishing.mailborder.com ? 

Yes.

> If you are,
> it creates an additional .custom file for both safe and bad sites. Add
> your respective sites to each custom file. When the script runs to update
> the master list of sites, you custom sites should be placed at the top of
> each of the master files. (.conf files) 

Jules' assertion does not match with my experience, sorry. I've had the
relevant Google sites in phishing.safe.sites.custom since we discussed
this last month, but I still see "Found definite phishing fraud" entries
from MailScanner in my mail logs.

I think the relevant code is here:

https://github.com/MailScanner/v4/blob/master/mailscanner/bin/MailScanner/Message.pm

At line 7310:

    
      #
      # Known Dangerous Sites List code here
      #
      my $AlreadyReported = 0;
      if (InPhishingBlacklist($linkurl)) {
        use bytes;
        print MailScanner::Config::LanguageValue(0, 'definitefraudstart') .
              ' "' . $linkurl . '"' .
              MailScanner::Config::LanguageValue(0, 'definitefraudend') .
              ' ' if $PhishingHighlight;
        $DisarmPhishingFound = 1;
        $linkurl = substr $linkurl, 0, 80;
        $squashedtext = substr $squashedtext, 0, 80;
        $DisarmDoneSomething{'phishing'} = 1 if $PhishingHighlight;
        use bytes; # Don't send UTF16 to syslog, it breaks!
        MailScanner::Log::NoticeLog('Found definite phishing fraud from %s ' .
                                    'in %s', $DisarmLinkURL, $id);
                                    #'in %s', $linkurl, $id);
        no bytes;
        $AlreadyReported = 1;
      }

I don't see any provision for custom (or otherwise) safe sites. I would
expect to see a check for "InPhishingWhitelist($linkurl)" in that case
(which appears in a number of other places in the code).


-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- No measurable fat content.

From pas at unh.edu  Fri Oct 30 10:48:34 2015
From: pas at unh.edu (Paul Sand)
Date: Fri, 30 Oct 2015 06:48:34 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <3E4A4ED5-AA3B-47D5-B43C-F13AE7349A8B@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
 <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
 <20151030100558.GA53669@cisunix.unh.edu>
 <3E4A4ED5-AA3B-47D5-B43C-F13AE7349A8B@mailborder.com>
Message-ID: <20151030104834.GB55648@cisunix.unh.edu>

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 06:17]:
> There has been a rash of ransomware using drive.google.com lately. If you
> want to whitelist it, add it to your custom safe sites. 

As noted, I suspect that doesn't work in this case. But even if it did,
is it really appropriate to issue the "Found definite phishing fraud"
error against ALL uses of drive.google.com? 

It's your call, of course. But geez.

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Slightly higher west of the Mississippi.

From jerry.benton at mailborder.com  Fri Oct 30 10:56:44 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 30 Oct 2015 06:56:44 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151030104250.GA55648@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <A8092B55-048A-4D5B-8FB7-458E6A74A785@mailborder.com>
 <20151030104250.GA55648@cisunix.unh.edu>
Message-ID: <CD35F976-9069-42F7-84FE-16F256C0829A@mailborder.com>

Check line 1107 of Config.pm to see how the blacklist is generated sans the whitelist items.

The .custom file is used during the creation of the list and not in the MailScanner code. If you examine the update_xxx files you can see that they read the respective .custom file and place those items at the top of the master lists (phishing.safe.sites.conf and phishing.bad.sites.conf) when those two files are created. MailScanner then reads those two files to determine the phishing bad sites. (Bad sites minus items found in the safe sites.) 

-
Jerry Benton
www.mailborder.com



> On Oct 30, 2015, at 6:42 AM, Paul Sand <pas at unh.edu> wrote:
> 
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 06:02]:
>> I have confirmed with Jules that the safe sites override the bad sites.
>> Are you using the update script from phishing.mailborder.com ? 
> 
> Yes.
> 
>> If you are,
>> it creates an additional .custom file for both safe and bad sites. Add
>> your respective sites to each custom file. When the script runs to update
>> the master list of sites, you custom sites should be placed at the top of
>> each of the master files. (.conf files) 
> 
> Jules' assertion does not match with my experience, sorry. I've had the
> relevant Google sites in phishing.safe.sites.custom since we discussed
> this last month, but I still see "Found definite phishing fraud" entries
> from MailScanner in my mail logs.
> 
> I think the relevant code is here:
> 
> https://github.com/MailScanner/v4/blob/master/mailscanner/bin/MailScanner/Message.pm
> 
> At line 7310:
> 
> 
>      #
>      # Known Dangerous Sites List code here
>      #
>      my $AlreadyReported = 0;
>      if (InPhishingBlacklist($linkurl)) {
>        use bytes;
>        print MailScanner::Config::LanguageValue(0, 'definitefraudstart') .
>              ' "' . $linkurl . '"' .
>              MailScanner::Config::LanguageValue(0, 'definitefraudend') .
>              ' ' if $PhishingHighlight;
>        $DisarmPhishingFound = 1;
>        $linkurl = substr $linkurl, 0, 80;
>        $squashedtext = substr $squashedtext, 0, 80;
>        $DisarmDoneSomething{'phishing'} = 1 if $PhishingHighlight;
>        use bytes; # Don't send UTF16 to syslog, it breaks!
>        MailScanner::Log::NoticeLog('Found definite phishing fraud from %s ' .
>                                    'in %s', $DisarmLinkURL, $id);
>                                    #'in %s', $linkurl, $id);
>        no bytes;
>        $AlreadyReported = 1;
>      }
> 
> I don't see any provision for custom (or otherwise) safe sites. I would
> expect to see a check for "InPhishingWhitelist($linkurl)" in that case
> (which appears in a number of other places in the code).
> 
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- No measurable fat content.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From jerry.benton at mailborder.com  Fri Oct 30 11:12:25 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 30 Oct 2015 07:12:25 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151030104834.GB55648@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
 <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
 <20151030100558.GA53669@cisunix.unh.edu>
 <3E4A4ED5-AA3B-47D5-B43C-F13AE7349A8B@mailborder.com>
 <20151030104834.GB55648@cisunix.unh.edu>
Message-ID: <61DB7165-B130-45B5-956F-10560690034D@mailborder.com>

Ok, it would be great to have a mechanism that detects phishing fraud links. To accomplish this I used phishtank.com to provide the data. The current blacklist has ~11,000 entries based on the latest list from phishtank.com. This is after I have already scrubbed the list changing URL links into hostnames and then removing the common safe sites derived from alexa.com. Am I personally eyeballing every entry into this list on a daily basis? Hell no. It is an automated solution that is available if you want to use it. This is the best free solution I could come with for the MailScanner community that is regularly updated with the latest threats. 

If anyone has a better solution, please send it to me. I will be happy to implement it. The file that is currently used to generate the list on the update server is attached. 

-
Jerry Benton
www.mailborder.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mb-phish-update
Type: application/octet-stream
Size: 4324 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151030/d7846923/attachment.obj>
-------------- next part --------------

> On Oct 30, 2015, at 6:48 AM, Paul Sand <pas at unh.edu> wrote:
> 
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 06:17]:
>> There has been a rash of ransomware using drive.google.com lately. If you
>> want to whitelist it, add it to your custom safe sites. 
> 
> As noted, I suspect that doesn't work in this case. But even if it did,
> is it really appropriate to issue the "Found definite phishing fraud"
> error against ALL uses of drive.google.com? 
> 
> It's your call, of course. But geez.
> 
> -- 
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Slightly higher west of the Mississippi.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 


From thomasl at mtl.mit.edu  Fri Oct 30 12:02:08 2015
From: thomasl at mtl.mit.edu (Thomas Lohman)
Date: Fri, 30 Oct 2015 08:02:08 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <20151030104250.GA55648@cisunix.unh.edu>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <A8092B55-048A-4D5B-8FB7-458E6A74A785@mailborder.com>
 <20151030104250.GA55648@cisunix.unh.edu>
Message-ID: <56335C40.5000609@mtl.mit.edu>

> Jules' assertion does not match with my experience, sorry. I've had the
> relevant Google sites in phishing.safe.sites.custom since we discussed
> this last month, but I still see "Found definite phishing fraud" entries
> from MailScanner in my mail logs.

I think one of the things that you're experiencing is that the safe 
sites has "*.google.com" in it and the bad sites has "drive.google.com" 
for example.  When Mailscanner then sees "drive.google.com", the bad 
site entry applies even though one might expect the safe site login 
should handle it since *.google.com should match any google.com domain 
hostname/address.  I would think adding "drive.google.com" to the custom 
safe site file should take care of things.  Like you, I've gotten 
complaints regarding google.com URLs getting false positives so I simply 
wrote a program that takes the bad and safe default files that are 
downloaded each night and it scans the safe and removes anything from 
the bad that matches the regular expressions in the safe. i.e. it sees 
*.google.com in safe so any address in bad that ends in .google.com is 
removed.  This fixed the problem for us.  I can't share the "program" 
since it's just an additional method that is part of a larger utility 
library that is site specific to us and our entire computer setup but it 
should be pretty easy to write something in your favorite language to do 
the same for your setup.


--tom



From pas at unh.edu  Fri Oct 30 16:02:04 2015
From: pas at unh.edu (Paul Sand)
Date: Fri, 30 Oct 2015 12:02:04 -0400
Subject: Google sites still in phishing.bad.sites.conf?
In-Reply-To: <61DB7165-B130-45B5-956F-10560690034D@mailborder.com>
References: <20151029144809.GA115559@cisunix.unh.edu>
 <1DDC0845-0B12-4873-BF43-EB78018C2FB7@mailborder.com>
 <20151029155324.GA120406@cisunix.unh.edu>
 <252C9291-190A-446F-969F-AC37CB29C825@mailborder.com>
 <96346EFF-393F-4CB6-B150-A09B329D5187@mailborder.com>
 <20151030100558.GA53669@cisunix.unh.edu>
 <3E4A4ED5-AA3B-47D5-B43C-F13AE7349A8B@mailborder.com>
 <20151030104834.GB55648@cisunix.unh.edu>
 <61DB7165-B130-45B5-956F-10560690034D@mailborder.com>
Message-ID: <20151030160204.GA78894@cisunix.unh.edu>

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 07:12]:
> Ok, it would be great to have a mechanism that detects phishing fraud
> links. To accomplish this I used phishtank.com to provide the data. The
> current blacklist has ~11,000 entries based on the latest list from
> phishtank.com. This is after I have already scrubbed the list changing URL
> links into hostnames and then removing the common safe sites derived from
> alexa.com. Am I personally eyeballing every entry into this list on a
> daily basis? Hell no. It is an automated solution that is available if you
> want to use it. This is the best free solution I could come with for the
> MailScanner community that is regularly updated with the latest threats. 

I hope I haven't given offense. We have been using MailScanner at the
University of New Hampshire since 2002. We are obviously happy with it,
and your hard work is appreciated.

> If anyone has a better solution, please send it to me. I will be happy to
> implement it. The file that is currently used to generate the list on the
> update server is attached. 

Your code seems to want to remove Alexa's top 500 domains from the
data returned from phishtank.com. E.g., since 'google.com' appears in Alexa,
phishtank.com entries like

    www.google.com
    docs.google.com
    sites.google.com
    [...]
    anything-else.google.com

should not go into the master phishing.bad.sites.conf. Correct?

I think that's an excellent idea, but the code doesn't quite do that.

My suggestion would be to construct a regex from the Alexa data.
Around line 84, after the data array is constructed:

    $safesite_regex = '/^(\w[\w-]*\\.)*?(' . implode('|', $data) .  ')$/i';

Then the test later in the code:

    }elseif(in_array($thing['host'], $safeParsedData)){

could be replaced with 

    }elseif(preg_match($safesite_regex, $thing['host'])){

This would also allow you to get rid of your 'www' hack and
special-case handling for google.com.

Multiple Disclaimers: PHP is far from my strongest language. Gurus scoff
at my regex skills. I can't test this as robustly as I would like due
to the bandwidth limits at phishtank.com. So (said in my best spooky
Halloween voice): Beware!

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Parts of this message may have been electronically reproduced.